America Online ICQ Compromised
Researchers at TippingPoint have warned America Online ICQ users about a flaw that lets attackers install software on a target's computer through a simple e-mail. The program can then be run with the target's rights. The flaw was found in version 5.1, though other versions may also be affected.
The vulnerability lies in an ActiveX control and stems from a design flaw in ICQPhone.SipxPhoneManager: its "DownloadAgent" function takes a target address, then downloads and runs the specified file. Successful exploitation allows the attacker's code to be executed.
The exposed function takes a file parameter in the form of a URL, then downloads that file and runs it silently in the context of the executing user. According to the security advisory from the Zero Day Initiative, attackers can use an avatar, an image of the user, as the attack vector. Whenever the victim receives an e-mail from another user, it is loaded by ICQ. The target therefore does not need to take any action for the malware to be installed and run.
Users who have not connected to the ICQ network since the patch was issued could still be at risk and can still be attacked through a website, since exploitation requires no user interaction. The same six degrees of separation that link everybody on the ICQ network could be used by a worm to spread rapidly on its own. The flaw is unusual in that it can be exploited both through a browser and through the ICQ network itself.
The advisory states that the fix is applied when the client connects to the ICQ service. Users of the original ICQ software are therefore advised to update their clients right away by putting the program, even momentarily, into a connected state.
AOL fixed the flaw in the instant messaging (IM) service on Oct. 31, 2006. The fix was applied immediately to ICQ version 5.1 users when they logged on to the network, according to a TippingPoint advisory.
TippingPoint's Zero Day Initiative researchers reported the flaw to AOL on September 20, 2006, but withheld the information from the public because the vulnerability could easily allow a worm to spread.
» SPAMfighter News - 13-11-2006