
Be Aware of Security Issues with ICQ Instant Messaging

By Spencer Smith (spencera@oregon.uoregon.edu)

(Editor's Note: The Computing Center does not recommend using ICQ, nor do we provide support for it. However, we do feel it's important to point out some of its vulnerabilities because we know that there are ICQ users at the UO.)

ICQ, an Internet instant messaging application, has been widely used on the Internet for years. The program allows users to send short messages, files, and other communications swiftly and easily over an Internet connection.

Unfortunately, ICQ's design makes it very susceptible to attacks from unscrupulous people on the Internet. The very features that attract users to ICQ make it an easy target. Because of its ease of use and overall simplicity, ICQ is used by Internet marauders as a channel for attacking computers, spreading viruses, stealing files, and generally wreaking havoc with innocent users of the program.

Personal information unprotected. When you register ICQ and begin using the program, it collects a certain amount of information about you: your name, email address, geographic location, and other optional information from the registration process. This information is stored on the ICQ servers and is available to anyone on the Internet.

A casual search through the ICQ database can elicit quite a bit more information than you might want to give to strangers. This excess of information can lead to harassment, stalking, and annoying "prank" messages sent by Internet outlaws. (These same bad behaviors are prevalent in all forms of Internet communication, but the wealth of information available through ICQ makes these abuses all the more frequent.)

IP information exposed. Along with your personal information, ICQ also sends out detailed and potentially damaging Internet Protocol information with each message you create. Your ICQ User Identification Number (UIN) and your Internet Protocol (IP) address appear in the header information for each message.

This IP address is the unique identifier for your computer on the Internet. Ordinarily, your IP address is relatively hard to find and your computer is less likely to be noticed by attackers. But because ICQ publishes your IP address along with your messages, attackers can readily determine your IP address and recognize that you're running ICQ.

Who's Most at Risk. . .and Why

If your Internet connection is through a modem, the possibility of someone launching an attack on your computer is relatively slight. People connecting to the Internet through Ethernet here on campus or through cable modems and DSL connections at home are much more vulnerable.

You should also be aware that Ethernet and other high-speed connections keep the same IP address information for days, weeks, or months at a time, giving would-be abusers a stable target for an attack.

Because there are some well-defined security holes in ICQ's protocols, attackers can use this information to gain access to your machine. In addition, illicit programs tailored to ICQ users are available on the Internet that can scan a particular machine's network ports for vulnerability. An attacker can use one of these programs, identify your computer's vulnerabilities, and exploit them.

Damage Potential

Once attackers have worked their way into your computer through one of these insecure network ports, they can download and read your files. Anything in your ICQ program directory is pretty much an open book to a determined attacker. The extent to which attackers can access the files on your computer depends on the method they use to break into your machine. Still, a good rule of thumb is that if they have access to any part of your computer, they can access anything on your computer.

Identity theft. One important file of interest to attackers is the settings file used by ICQ itself. Although most of the file is encrypted, the password used by ICQ is saved as clearly readable text. Once that password is known, abusers can change your password on the ICQ servers, then contact anyone on the Internet and make threats, promises, deals, and mischief in your name. They could also download and use your ICQ contact list, any files or information that the ICQ servers might have stored about you, and generally cause you tremendous problems.

File tampering. In addition to taking files from your machine, abusers can also put files onto your machine with even more devastating results. There's a whole shopping list of "back-door" applications--programs that run in the background on your computer, unseen and undetected. These programs can allow totally free access to your computer.

Once the back-door program is in place, attackers can see what you're working on, move files to and from your computer at will, modify your computer's settings. . .anything they like. More importantly, they can then use your computer as a platform for launching similar attacks against other computers on your network.

Virus infection. In addition to back-door programs, an attacker could also install viruses and other destructive programs to disrupt the operation of your computer.

Malevolent attachments. Quite apart from the security holes in the ICQ protocols, there are also security breaches in the way that ICQ handles files.

When you first install ICQ, you can accept file transfers from any other ICQ user. Depending on the security level you have set, ICQ may accept and open these files automatically. This is a widely used method for installing back-door programs. The file is sent as an attachment or file transfer, often with an innocuous-sounding name like "Fluffy Bunny Screensaver.exe." The unsuspecting user runs the program, and perhaps even sees a series of fluffy bunnies parading across the screen.

Meanwhile, behind the scenes, a back-door program is installing itself, configuring itself, and alerting its creator of a newly opened computer to exploit. These same sorts of vulnerabilities exist in email in general, as well as in downloading files through a web browser.

Another twist on this file transfer exploit: if you, the ICQ user, allow downloaded files to open automatically, back-door programs can be installed without your ever having to touch the files at all. Needless to say, choosing to automatically open downloaded files is a very bad idea!
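
The file-transfer risk described above comes down to trusting the name a sender chooses. As an added example (not part of the original article and not ICQ's own behavior), the Python sketch below screens an offered file name before it is accepted. The function names, the extension lists, and the sample names are assumptions constructed for illustration, and the check goes slightly beyond the article's single ".exe" case by covering decoy extensions and padded names.

```python
import re

# Windows file types that run code when opened (common subset, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "lnk"}
# Harmless-looking types often used as a decoy in front of the real extension.
DECOY_EXTS = {"jpg", "gif", "bmp", "txt", "doc"}

def normalise(name):
    """Reduce a sender-supplied name to the file name Windows would open."""
    # Keep only the last path component; the sender controls the whole string.
    name = re.split(r"[\\/]", name)[-1]
    # Win32 drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    return name.rstrip(". ").lower()

def screen_transfer(name):
    """Return (verdict, reason); verdict is 'block' or 'ask'."""
    clean = normalise(name)
    parts = [p.strip() for p in clean.split(".")]
    ext = parts[-1] if len(parts) > 1 else ""
    if ext not in EXECUTABLE_EXTS:
        return ("ask", "not an executable type; confirm with the sender first")
    if len(parts) > 2 and parts[-2] in DECOY_EXTS:
        return ("block", f"executable .{ext} behind decoy .{parts[-2]}")
    if re.search(r"\s{3,}", clean):
        return ("block", f"executable .{ext} pushed out of view by padding")
    return ("block", f"executable file type .{ext}")

# Constructed sample names, not captured from real traffic.
SAMPLES = [
    "Fluffy Bunny Screensaver.exe",
    "holiday.jpg.exe",
    "readme" + " " * 40 + ".exe",
    "C:\\temp\\game.SCR. ",
    "minutes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, reason = screen_transfer(sample)
        print(f"{verdict:5}  {normalise(sample)!r}: {reason}")
```

Even an "ask" verdict only means the name is not obviously executable; the article's advice to confirm with the sender and scan the file still applies.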

Security Tips

Here are a few steps you can take to safeguard your computer against attack:

1. We strongly recommend that you do not use ICQ or other instant-messaging programs. All of these instant-messaging programs have security holes and related problems. Use standard email for your communications. Email has far fewer security holes and can be safeguarded more easily.

2. Don't download files from strangers, and don't open any files at all unless you know the person who sent them, you were expecting that particular file, and you have an up-to-date virus checking program running to catch any suspicious activities that installing a back-door program or virus might cause. Norton Antivirus 2000 is available to all UO students, faculty, and staff on the Duckware CD-ROM.

3. If you must use ICQ, download and install the most current version (currently Version 99b Beta v.3.19). Download only from a reputable site, like http://www.icq.com. There are modified versions of ICQ on the Internet that act like the regular ICQ program, but run back-door services as a part of their installation.

4. Set your security in ICQ to allow only the transactions you want.

5. Require your authorization for people to add you to their contact lists.

6. Check the box that says "Do not publish IP address." (Available only in the most current versions.)

7. Set the security level to "High." You'll need to type in your password more frequently, but your ICQ environment will be more secure.

8. Do not save your password. This will force you to type in your password every time you open ICQ, but it will make your password less vulnerable to marauding hackers.

If you follow these simple procedures, you'll be more protected against outside attacks.

It's up to you to make your computer safe. Use the ICQ settings shown below to ensure that you've minimized the possibility of attack:

Recommended ICQ Settings

1. File Transfer Configuration

Open the Events tab and configure File Transfer in the Events dialog box. Notice that

  • "Auto Receive Files" is unchecked
  • "Always Overwrite Existing Files" is unchecked
  • "Pop Up Response Dialog" is checked

2. Security Preferences

In the box below, notice that

  • "My authorization is required" is selected for changing ContactList Authorization
  • "Do not publish IP address" is checked. (This option is available only in the latest versions of ICQ)
  • "Save Password" and "Web Aware" are unchecked
  • "Security Level" is set to "High"

Need More Information?

See

http://www.icq.com

http://www.wired.com/news/news/technology/story/12758.html

http://blacksun.box.sk/icq.html


Spring 2000 Computing News | Computing Center Home Page