Vulnerability Development mailing list archives

icq2000

From: griffinb () HOTKEY NET AU (Brad Griffin)
Date: Tue, 26 Oct 1999 19:26:53 +1000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all. I did some searching and some hex viewing etc etc.
It appears that all ICQ2000 is, is a carrier for a worm that will send
a link to the ICQ2000 download site. I *think* it uses your UIN to pick
random users to post to. I'm still checking though. It was written
using Borland Delphi (which version?) and also uses some off-the-shelf
tools from www.netmastersllc.com
It is also doing something with IE.
Catchyas,

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1 -- QDPGP 2.60
Comment: http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x6FD78581

iQA/AwUBOBTnOgiK90dv14WBEQKusQCfUe6MYRiqKuF26Ab+rDR2AxWih58AoO5D
QYb9H7X/iUOqANn6sCJP4yZY
=bXDD
-----END PGP SIGNATURE-----
Brad Griffin
Infotech undergrad & e-mail addict
CQU Rockhampton, Australia
Useful links:
http://www.pgpi.org/
http://spamcop.net/
http://www.avp.ru/

Current thread:

forged packets? Kelvin Fu (Oct 25)
- Re: forged packets? CyberPsychotic (Oct 24)
- Re: forged packets? Ryan Permeh (Oct 25)
  - Re: forged packets? Ron DuFresne (Oct 26)
- Re: forged packets? ctor (Oct 25)
- ICQ 2000 Elias Levy (Oct 25)
  - Re: ICQ 2000 Blue Boar (Oct 25)
    - Re: ICQ 2000 Sean Burford (Oct 25)
    - Re: ICQ 2000 Brad Griffin (Oct 26)
  - icq2000 Brad Griffin (Oct 26)
  - Re: ICQ 2000 Damm, Mike (Oct 26)
    - Re: ICQ 2000 Brad Griffin (Oct 26)
    - FreeBSD listen() 3APA3A (Oct 27)
    - Re: FreeBSD listen() CyberPsychotic (Oct 27)
    - Re: FreeBSD listen() 3APA3A (Oct 29)
    - Re: FreeBSD listen() Matthew S. Hallacy (Oct 30)
    - Fw: Trojan/Worm on one of your pages and spams ICQ users. BrainMaster (Oct 28)
    - Re: FreeBSD listen() David Schwartz (Oct 28)
    - Re: FreeBSD listen() 3APA3A (Oct 29)
    - Re: FreeBSD listen() David Schwartz (Oct 30)

(Thread continues...)