Vulnerable because of two new security errors in AOL's ICQ IM

About 160 million of AOL's ICQ users may experience errors, even if the computer stops crashing if not quickly upgraded.

A security company has just announced two vulnerabilities in ICQ that could allow hackers to attack and spread malware on a victim's computer.

ICQ is AOL's instant messaging service (IM - Instant messaging, similar to Yahoo Messager), introduced in 1996, supporting 19 languages. To date, ICQ has functions such as video, VoIP or SMS targeting young customers. There are about 160 million registered users using ICQ and 80% of them are aged 13-29 with an average online time of 5 hours / day.

Security vulnerabilities in ICQ Pro 2003b IM can help hackers attack denial of service and attack remote systems. An attacker can cause a buffer overflow phenomenon by sending malicious packets with conversations that cause the victim's computer to crash.

ICQ Toolbar 1.3 can also be used by hackers to control and change the settings in the attacker's toolbar and send them web pages via ICQ. An attacker could 'attach' the site to malicious code. Experts of Core Security ( www.coresecurity.com ) said this type of attack is becoming more and more popular.

Currently, Core Security Technologies recommends that users update the 5.1 version of ICQ to fix these vulnerabilities.

DONG QUANG