|
 |
|
 |
| Sunday, September 05, 2010
|
| Register Login |
 |
|
|
|
|
Users currently online
|
 |
|
|
|
 |
Membership: |
 |
Latest:
SullyC |
 |
New Today:
0 |
 |
New Yesterday:
0 |
 |
Overall:
53 |
 |
People Online: |
 |
Visitors:
1 |
 |
Members:
0 |
 |
Total:
1 |
Online Now:
|
|
|
|
|
|
|
|
|
|
Welcome to the Viruswarning forums. All your original content has been ported to the new forums as well as new content and additional opportunities to interact with the authors of Viruswarn.com. You can always access old content at www.leedrake.com/forum . You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....
But at least it's all here.
Enjoy!
|
|
|
|
|
|
Viruswarn Forums
|
|
|
|
|
| You are not authorized to post a reply.
|
|
| Author |
Messages |
|
Lee Drake
Posts:238
 |
| 05/20/2002 1:17 PM |
|
| What is affected:
ICQ Instant messaging software prior to the current version, running on Windows platforms. (Version 3659 is the current version) You can determine version by checking Main/Help/About. You can upgrade to the current version by installing it from ICQ's site at:
www.ICQ.com
What is the Vulnerability?
An unprotected buffer allows a remote user to possibly execute arbitrary code on you machine. This could be exploited by a virus or worm, and could allow someone to take over your machine, through ICQ, and install remote control or destructive payload software on it.
How to Protect Yourself
Your best bet is to not run ICQ until you have updated to the latest version of the software (download it from www.icq.com) . While you're configuring that version, you might also want to change the following security selections within ICQ to be sure that you're running as securely as you can:
Choose Main/Security and Privacy options:
General - require authorization for users to add you - this makes it so a user must ask you to authorize to see your online status. You don't want just anyone seeing you're online - then they know when your machine is up to attempt a hack.
General - Uncheck "Allow my online status to show on the web". This again allows those that don't even HAVE ICQ to see if you're online or not.
Under Permissions - Communications events - Unknown message, click under the X (Red), Everything else in this category click on only people on my contact list (yellow)
Under Permissions - Contact info / files - Phone numbers and picture request - only those on my contact list, Share files check X no one.
Peer to Peer connections - Allow peer to peer with users listed on your contact list, and do not allow peer to peer with older versions of ICQ
Messages - Check Accept messages only from users on my contact list, Check do not accept multi-recipient messages from users NOT on my contact list (these are almost always spam), You may choose whether to accept ww pager messages or icqmail messages.
Web site integration - your choice but I'd recommend checking the last option (No I don't want 3rd parties to use my icq information to send me promotions) - at the very least set it to the middle setting so that it will notify you if a website tries this - if you don't you'll potentially be releasing your icq info to a web hoster simply by surfing onto their site.
DO NOT download and install the new "ICQ file sharing service" This service opens your machine up to be an FTP server and has huge potential for damage. I'd advise against using or installing this service
Be sure to hit APPLY after making each change.
Further Details
See references at:
http://www.cert.org/advisories/CA-2002-02.html
http://web.icq.com/help/quickhelp/1,,117,00.html
Summary
This is a so far unexploited vulnerability in ICQ, but since millions of ICQ users are potentially vulnerable and the nature of ICQ is that it is on and active all the time the potential for rapid fire spreading of a worm that exploits this virus is huge. I'd highly recommend getting your ICQ updated to the latest version and making the security changes listed above.
This concludes this VirusWarn notice.
Lee Drake, Moderator |
|
|
|
|
|
| You are not authorized to post a reply. |
|
|
|
ActiveForums 3.6
|
|
|
|
|
|
|
|
|
|
|
|