
Are you Secure When Someone Seeks you?

PCQ Bureau

ICQ is undoubtedly the most popular instant messenger. It is no longer limited to simple text chat; file transfers, greetings, telephony, SMS messages and tons of other features make using it great fun. But on the darker side, ICQ is also a major security threat to desktop users, because it provides a port of entry into your machine.


If you want to access a PC over the Internet, the first step is to connect to that machine using its IP address and a port number. The next step is to gain access privileges on that machine. A desktop operating system has hardly any access restrictions, so once you are connected there is little to stop you. But it is harder to connect to a desktop operating system like Windows 98 in the first place than to a network operating system like Linux or Windows NT. Technically, connecting to a machine means connecting to a service listening on that machine on a particular port. Network operating systems run a number of such services, like Telnet on port 23 and a Web server on port 80. But what services does Windows 98 run that you can connect to remotely? It doesn't even bundle a Telnet server. This is where ICQ comes to the help of the would-be intruder by providing an entry point into your PC.

How ICQ works

ICQ is based on a client-server architecture. You run the client on the desktop and connect to one of the Mirabilis servers (such as icq1.mirabilis.com or icq2.mirabilis.com) on a port above 1,024. When you search for users, or do anything else that doesn't involve another user, you are communicating with a Mirabilis server. But when you send a message or transfer a file to a person, the Mirabilis server goes off the stage: the ICQ applications on the two desktops connect directly to each other. In this case ICQ acts as a client as well as a server. A clever workaround by Mirabilis to reduce the load on their servers! But this direct connection between ICQ users has led to many security issues. Had the server stayed in between, security measures like filtering or virus checking could have been deployed centrally.


Your IP and ports are revealed

If you are using a dialup connection, you get a dynamic IP address each time you connect to the Internet. For a person to establish a direct connection with you, his ICQ needs the IP address of your machine, so the ICQ installed on your machine relays your IP address to him. ICQ has an option to 'Publish your IP address'. You must never select it. But even this precaution is not foolproof. A malicious person can find your IP address using downloadable tools like ICQ Sniffer, which take your ICQ UIN as input and show your IP address. He can then feed your IP address to a port scanner and find out all the open ports on your machine, that is, the services you are running. Your IP can then be used to operate a trojan remotely (see below). The only solution here is to disable all the services you don't need, and to patch any bugs in the services you do run that could give access to a remote user.
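The two steps described above, a direct peer-to-peer connection that hands your address to the other side (the arrangement described under "How ICQ works") followed by a TCP connect scan of that address, as an added example in Python. This is not ICQ's code or any tool from the article; it stands up its own loopback listener in place of the ICQ client, and the scanner is the minimal connect-scan form, deliberately run only against 127.0.0.1. You can point scan_ports at your own machine to audit which services are listening before deciding what to switch off.

```python
import socket


def start_listener(host="127.0.0.1", port=0):
    """Open a TCP listener (port 0 lets the OS pick a free port).

    Stands in for the ICQ client on your desktop, which listens for direct
    connections from other users once a message or file transfer starts.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    srv.settimeout(3)
    return srv


def reserve_closed_port(host="127.0.0.1"):
    """Bind a socket without listen(), so connections to it are refused.

    Used only to give the demo a port that is guaranteed to be closed.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    return s


def peer_seen_on_direct_connection(listener):
    """Connect to the listener the way a peer's ICQ would, and return the
    (ip, port) the listening side records for that peer.

    With no server in between, each side learns the other's real address
    simply by completing the TCP handshake.
    """
    client = socket.create_connection(listener.getsockname(), timeout=3)
    try:
        while True:
            conn, peer = listener.accept()
            conn.close()
            if peer == client.getsockname():   # skip any stale queued connections
                return peer
    finally:
        client.close()


def scan_ports(host, ports, timeout=0.5):
    """TCP connect scan: return every port in `ports` that accepts a connection.

    A refused or timed-out connect means nothing is listening there. Real
    scanners parallelise this and also probe UDP; the logic is the same.
    """
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


if __name__ == "__main__":
    # Demo against the local machine only: never scan hosts you do not own.
    victim = start_listener()
    ip, port = victim.getsockname()
    print("listener up on %s:%d" % (ip, port))
    print("address the listener recorded for its peer:",
          peer_seen_on_direct_connection(victim))
    print("open ports found by scanning:", scan_ports(ip, [port - 1, port, port + 1]))
    victim.close()
```

The scan reports open ports only; mapping a port back to a service (and knowing whether that service is patched) is the step the text asks you to do by hand, so the list is the starting point for "disable what you don't need", not the end of it.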

ICQ home page gives hard disk access


ICQ's home page feature, if enabled, hosts a Web server on your machine to which other ICQ users can connect. This Web server is used to quickly create a Web page that displays your information and maybe your photographs. Earlier versions of ICQ (ICQ 99a) had a bug that gave anyone access to directories on your hard disk outside the document root (the directory where the ICQ homepage files are stored). So if you use an older version, do upgrade to the latest.
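The class of bug described above is a document-root escape: the server joins the requested path onto its document root without checking where the result ends up. The following is an added example, not ICQ's code and not a reproduction of the specific ICQ 99a flaw, showing a careless resolver beside a confined one. The document root /srv/icqhome and the request paths are made up for the illustration.

```python
import posixpath
from urllib.parse import unquote


def naive_resolve(docroot, url_path):
    """What a careless home-page server does: glue the request path onto the
    document root and serve whatever that points at. '..' segments walk out
    of the root, so /../../windows/system.ini lands in the Windows directory.
    """
    relative = unquote(url_path).lstrip("/")
    return posixpath.normpath(posixpath.join(docroot, relative))


def safe_resolve(docroot, url_path):
    """Resolve the request path and refuse anything outside the document root.

    Returns the file path to serve, or None if the request must be rejected.
    The check is done on the normalised result, not on the raw request, so
    encoded dots (%2e%2e) and nested tricks (pics/../..) are caught as well.
    """
    root = posixpath.normpath(docroot)
    decoded = unquote(url_path)
    if "\x00" in decoded or "\\" in decoded:   # NUL truncation, Windows separators
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root.rstrip("/") + "/"):
        return None
    return candidate


if __name__ == "__main__":
    DOCROOT = "/srv/icqhome"   # hypothetical document root for the demo
    for request in ("/index.html", "/pics/../index.html",
                    "/../../windows/system.ini", "/%2e%2e/%2e%2e/etc/passwd"):
        print("%-28s naive=%-28s safe=%s" % (
            request, naive_resolve(DOCROOT, request), safe_resolve(DOCROOT, request)))
```

On a real filesystem the confined version should additionally pass the candidate through os.path.realpath before the prefix check, so that a symbolic link placed inside the document root cannot point back out of it.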

Transferred file can be a trojan

Scanned photographs and other files are commonly transferred through ICQ. Picture files are generally JPEGs (.jpg) or GIFs (.gif). Here you can be tricked. Suppose someone wants to install a trojan like Back Orifice or an ICQ trojan on your computer. These trojans are executables with an EXE extension. A malicious person can rename the file as follows:


Pic.jpg .exe

Note the large number of spaces between .jpg and .exe. When this file is sent to you through ICQ, the dialog box that shows the file information cannot display the EXE extension because of the limited length of the text field. Most ICQ users are tempted to open a picture file (after all, it could be a pretty girl or a handsome boy) as soon as they get it. Once you click the Open button, there is no stopping the trojan from being installed. Once the trojan is installed, the malicious person can find your IP address and the port on which the trojan is listening using the techniques described above, and then issue commands from his machine to transfer your password files to his machine, delete files on your machine, and generally create havoc.

The solution is not to accept files through ICQ at all. But then you are sacrificing a major part of the fun of using ICQ in the first place. So it's advisable to save the file first and then run an anti-virus or trojan detector (an ICQ trojan detector is available) on it. Saving the file to disk rather than opening it straight away also reveals its real extension, because Windows shows it with a different icon from the one used for JPEG or GIF files on your machine. Also, the option 'automatically accept file transfers' shouldn't be checked.
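The padded-name trick from the previous two passages, and the "save it and look at what it really is" advice, as an added example in Python. It is not ICQ's code or the trojan detector the text mentions. Two things are checked: what the name really ends in once you stop reading at the width of a dialog field (the width of 24 characters is an assumption for the demo), and what the first bytes of the saved file say it is, using the well-known JPEG, GIF and DOS/Windows executable (MZ) signatures. The extension lists and the sample byte strings are constructed for the illustration. It goes slightly beyond the text by also flagging the plainer double-extension form (pic.jpg.exe).

```python
# Well-known file signatures ("magic bytes"). Whatever the name claims, these
# say what the file actually is.
SIGNATURES = (
    (b"\xff\xd8\xff", "jpg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"MZ", "exe"),        # DOS/Windows executable header
)
# Extensions Windows will execute when double-clicked (a representative set).
EXECUTABLE_EXTENSIONS = {"exe", "com", "bat", "pif", "scr", "vbs", "js", "lnk"}
IMAGE_EXTENSIONS = {"jpg", "jpeg", "gif"}


def true_extension(filename):
    """Extension the OS will act on: the text after the last dot, with padding
    spaces removed and case ignored."""
    name = filename.rstrip()
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[1].strip().lower()


def displayed_extension(filename, width):
    """Extension as it appears in a dialog that shows only the first `width`
    characters of the name: the padded tail, and the real extension, are cut off."""
    return true_extension(filename[:width])


def is_disguised_executable(filename, width=24):
    """True when the real extension is executable but the name is dressed up
    as an image, either because the visible part ends in something else or
    because the name carries a double extension such as pic.jpg.exe."""
    real = true_extension(filename)
    if real not in EXECUTABLE_EXTENSIONS:
        return False
    shown = displayed_extension(filename, width)
    stem = filename.rstrip().rsplit(".", 1)[0]
    double_ext = true_extension(stem) in IMAGE_EXTENSIONS
    return shown != real or double_ext


def content_type(head):
    """Classify a file by its first bytes, ignoring the name entirely."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def assess(filename, head, width=24):
    """Decide whether a received file is safe to open: content first, then
    the name tricks. Returns a short verdict string."""
    kind = content_type(head)
    real = true_extension(filename)
    if kind == "exe":
        return "REJECT: content is a DOS/Windows executable (MZ header)"
    if is_disguised_executable(filename, width):
        return "REJECT: executable extension hidden behind an image name"
    if real in EXECUTABLE_EXTENSIONS:
        return "REJECT: executable extension"
    if kind != "unknown" and kind != real and not (kind == "jpg" and real == "jpeg"):
        return "WARN: content (%s) does not match extension (%s)" % (kind, real)
    return "OK"


# Constructed sample data (not real files): the first bytes of a JPEG and of
# a PE executable, and the padded name from the text.
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
PE_HEAD = b"MZ\x90\x00\x03\x00\x00\x00"
PADDED_NAME = "Pic.jpg" + " " * 40 + ".exe"

if __name__ == "__main__":
    for name, head in ((PADDED_NAME, PE_HEAD), ("pic.jpg.exe", PE_HEAD),
                       ("holiday.jpg", PE_HEAD), ("holiday.jpg", JPEG_HEAD)):
        print("%-24.24s -> %s" % (name, assess(name, head)))
```

To use it on a real download, read the first few bytes of the saved file (open(path, "rb").read(16)) and pass them with the name to assess(); the content check catches the case the text warns about even when the dialog never showed you the real extension.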


Licq for Linux has a built-in Back Orifice client. So you need to be especially careful to ensure that the Back Orifice trojan is not installed on your machine.

ICQ utilities, which also include hacking tools, can be found easily on the Internet. A utility called MillenniumM combines many of these into one. It also protects ICQ from common hacks. Apart from that, some of the ICQ ports to other operating systems, especially Unix or Linux, have additional built-in utilities. Licq on Linux, for example, has utilities like finger, a telnet client, an ftp client and also a built-in Back Orifice client. These can be double-edged. If you know about them, and how to use them to protect yourself, then you can get the better of the would-be intruder. If, on the other hand, you are not aware of their existence, or if you get careless, then you may be sending an irresistible invitation to someone to come in and wreak havoc not only on your machine, but also on other machines on the same network.

Shekhar Govindarajan
