
Icq Vulnerable To Update Poisoning Attacks

Discussion in 'Security Updates' started by starbuck, Jan 18, 2011.

    An important security issue has been identified in the popular ICQ instant messaging application, potentially allowing attackers to trick installations to download and execute fake updates.

    The problem arises from the fact that ICQ updates are not downloaded from the developer's servers via a secure SSL connection and have no form of authentication except for a metadata file.

    The vulnerability was discovered by a security researcher named Daniel Seither and affects all versions of ICQ 7 for Windows, up to version 7.2, build 3525.

    The researcher also released a proof-of-concept ICQ update builder and a small HTTP server coded in Python to serve the rogue updates.

    In order to pull off such an attack, hackers need to poison the DNS entry for update.icq.com. This can be done by adding a rogue definition to the Windows "hosts" file, changing the active DNS servers to rogue ones, compromising the local router or through more sophisticated DNS cache poisoning techniques.

    Many of these methods are already employed by malware threats known as DNS hijackers, which proves they are not very hard to use.

    ICQ checks for updates every time it starts and by default it sets itself to run when Windows boots up. This means that every time the computer is restarted there is an occasion to launch an attack.

    "The next victim that is affected by the impersonation and that launches the ICQ client will now automatically download and install the fake update. On the next restart of the ICQ software, the fake ICQ.exe will be executed," the researcher explains.

    This issue has been publicly disclosed because the vendor was unresponsive to reports sent via CERT. US-CERT also issued a warning about the vulnerability.

    ICQ is currently owned by Russian investment firm Digital Sky Technologies, which acquired the product from AOL in April 2010.

    The program is highly popular in Russia, where it currently leads in front of other instant messaging applications. Because automatic updates cannot be turned off, the researcher advises users to stop using ICQ until a fix is provided.



    Source:
    http://news.softpedia.com/news/ICQ-Vulnerable-to-Update-Poisoning-Attacks-178768.shtml
    Last edited by a moderator: Feb 4, 2014
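The article names two weaknesses: the hosts file (or DNS) can be made to point update.icq.com anywhere, and the client accepts whatever the metadata file says without any integrity check. The following is an added defender-side example, not code from the article, the researcher, or ICQ: it audits hosts-file text for static overrides of an update hostname, and places the weak metadata-only acceptance beside the integrity check the client lacked (manifest fetched over HTTPS, package digest compared against the digest the manifest declares). The manifest field names, the sample hosts lines and the sample payloads are constructed for illustration and are not ICQ's real format.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import urlparse

# Update hostname named in the article; matching is case-insensitive.
WATCHED_UPDATE_HOSTS = frozenset({"update.icq.com"})


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, *names = parts
        for name in names:
            yield ip, name.lower()


def audit_hosts_file(text, watched=WATCHED_UPDATE_HOSTS):
    """Return [(ip, hostname, severity)] for entries overriding a watched update host.

    Any static entry for an update host is a finding, since the client should
    resolve it through DNS; a remote address is the poisoning case from the article.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if name not in watched:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable-address"))
            continue
        findings.append((ip, name, "loopback" if addr.is_loopback else "remote"))
    return findings


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def metadata_only_check(manifest, installed_build):
    """The weak pattern the article describes: trust the metadata file alone.

    'build' is an assumed field name; the article mentions build 3525 as current.
    """
    return int(manifest.get("build", 0)) > installed_build


def verify_update(manifest, package_bytes):
    """Hardened counterpart: returns (ok, reason).

    manifest: dict with 'source_url' (where the manifest itself was fetched from)
    and 'sha256' (hex digest it declares for the package). Assumed field names.
    """
    if urlparse(manifest.get("source_url", "")).scheme != "https":
        return False, "manifest not fetched over https"
    expected = str(manifest.get("sha256", "")).lower()
    if len(expected) != 64:
        return False, "manifest carries no usable sha256"
    if not hmac.compare_digest(sha256_hex(package_bytes), expected):
        return False, "package digest mismatch"
    return True, "ok"


# Constructed sample hosts file: one benign entry and one planted override.
# 192.0.2.10 is an RFC 5737 documentation address.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
192.0.2.10      update.icq.com   # planted by a DNS hijacker
"""


def run_demo():
    """Run both checks on the constructed data and return the results."""
    genuine = b"constructed update payload"
    tampered = b"constructed fake update payload"
    manifest_https = {"source_url": "https://updates.example.com/manifest.json",
                      "sha256": sha256_hex(genuine), "build": 3526}
    manifest_http = dict(manifest_https, source_url="http://update.icq.com/manifest.json")
    return {
        "hosts_findings": audit_hosts_file(SAMPLE_HOSTS),
        "weak_accepts_http": metadata_only_check(manifest_http, 3525),
        "hardened_rejects_http": verify_update(manifest_http, genuine),
        "hardened_rejects_tampered": verify_update(manifest_https, tampered),
        "hardened_accepts_genuine": verify_update(manifest_https, genuine),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the HTTPS requirement is that redirecting the hostname, whether through the hosts file, a rogue resolver or cache poisoning, does not give the attacker a certificate the client will accept, so the manifest's digest stays trustworthy; a manifest signed with a vendor key pinned in the client is stronger still, because it also survives a compromised update server. The hosts-file audit is the cheap detection for the first hijack method the article lists.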
