Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ICQ Spoofing Question (or second dumb question of the day)

From: Audun <auolufse () ONLINE NO>
Date: Sun, 24 Sep 2000 10:17:34 +0200
At 23:04 21.09.00 -0400, you wrote:

On Thu, 21 Sep 2000, Robert van der Meulen wrote:


I remember a public statement they once stated someone had hacked icq
accounts via a trojan JPEG image, uhh, yeah, ok (r33t).

I'm curious about how they did _that_ :) don't recall reading anything

about

that...


maybe it was really something like lame.jpg.exe (which could possibly
fool REALLY dumb windows users who (a) have full filenames disabled,



If I'm not mistaken the trick was, when recieving files, icq only showed
the first thirty-something characters of the filename. This made it
possible to give files names like "Cool_picture.jpg
.exe", and only the "Cool_picture.jpg" part would be visible from icq.

Audun
Previous By Date Next
Previous By Thread Next

Current thread: