Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

FW: ICQ Spoofing Question (part deux)

From: Leon Rosenstein <l_rosenstein () MONTELSHOW COM>
Date: Tue, 19 Sep 2000 11:17:31 -0400
Hi everyone;

I have received a lot of personal responses that were helpful but not
exactly what I was looking for.  I realize that I was not specific enough so
I am sorry and I am going to try again.  When you use ICQ for winbloze and
someone sends you a message from random chat (IE they found you by searching
romance, or 20’s, or men looking for women, or etc) a sub-divison appears on
your client.  This says random.  When you receive a message that is just
spoofed by someone not on your list this appears with the sub-division *not
in list*.

On my ICQ client right now I have the following sub-divisions;

Online (people who are on my list and online)
Not in list (people who are not on my list but have contacted me anyway
*spoofed or not spoofed*)
RANDOM (people who have found me on random chat) ((IE they clicked
add/invite users > then clicked chat with a friend then selected in my case
Romance))

The idea behind my question is social engineering.  I am curious if it is
possible to “spoof” being a random chatter (IE finding someone on romance of
students or games) and thus being able to produce the random sub-divisivon
in the list.

If I get a message from someone and it is not from Random chat they merely
appear as NOT IN LIST.  I want to know if I can actually spoof the
sub-divison on a client that says RANDOM.

I hope this makes things clearer and of course personal responses are fine.

If I didn’t clear things up please let me know and I will try again.  I am
not sure how this works with *ix clients but I am positive about the
sub-division idea on widows.  It has been present since ICQ 98 and probably
before.



Mandatory opening statement; I am not sure if this is meant for this list
but I have feeling it is.  Please flame me in private ;)

Is it possible (with any OS, or ICQ Clone) to spoof being a random chatter?
What I mean is this; if you set yourself up for random chat sometimes
someone will see your profile and message you.  On your ICQ client it comes
up with a subdivision that says random.  I am wondering if this is
spoofable.  For example if I know someone’s ICQ number and I want to pretend
to be a totally random person can I fake this (for social engineering
purposes)?  Again I would be curious if the answer is yes as to what
platform and what client (I guess what client is probably only *ix
specific.)


Thanks again.
Previous By Date Next
Previous By Thread Next

Current thread: