www.pudn.com > 29a_fu.zip > 29A-7.001
. .: .:.. :.. .. .:.::. :. ..:
<<-==млллллм=млллллм=млллллм===<
.:: ллл ллл:ллл ллл.ллл ллл .:.
. .:.мммллп.плллллл.ллллллл:..
...лллмммм:ммммллл:ллл ллл.::.
>===ллллллл=ллллллп=ллл ллл=->>
.: .:.. ..:. .: ..:.::. ::.. :.:.
ICQ visions
by
Benny/29A
ICQ application is one of the most spreaded Instant Messenger programs at all.
And like every such utility program it has its own evidency of all communicating
persons. This gigant centralized database contains many private datas that can
be abusable. Becoz of a high spread of this system it is logic to focus on ways
it would be able to abuse these datas for some malware code spreading. Just imagine
it - worm that retrieves private datas of all accessible persons, composes e-mail
messages and spreads itself to all addresses. Hard to say why there still had not
happened such data compromity and following epidemy.
1. Accessing data from ICQ application
While coding I-Worm.Serotonin I had an idea - ICQ application stores a contact-list
on a hard-drive. What about find a way it would be possible to extract stored
datas? While searching for communication interface I found something very strange.
In an ICQ folder there is ICQAutomation.DLL file. As the filename means, it should
be something like object using COM/OLE automation tech. Let's look at the list of
methods with their prototypes that provides their interface:
HRESULT ICQIsInstalled([out, retval] long* pVal);
HRESULT ICQIsRunning([out, retval] long* pVal);
HRESULT OpenICQ();
HRESULT WaitToICQ([in] long pTimeInterval);
HRESULT ClientVersion([out, retval] long* pVal);
HRESULT ClientBuild([out, retval] long* pVal);
HRESULT IsPackageInstalled([in] BSTR pPackageName, [out, retval] long* pVal);
HRESULT InstallPackage([in] BSTR pPackageName,[in] BSTR pPackageURL);
HRESULT OwnerUIN([out, retval] BSTR* pVal);
HRESULT OwnerNickName([out, retval] BSTR* pVal);
HRESULT OwnerFirstName([out, retval] BSTR* pVal);
HRESULT OwnerLastName([out, retval] BSTR* pVal);
HRESULT OwnerBirthDate([out, retval] DATE* pVal);
HRESULT OwnerCountry([out, retval] BSTR* pVal);
HRESULT OwnerCountryCode([out, retval] VARIANT* pVal);
HRESULT OwnerGender([out, retval] BSTR* pVal);
HRESULT OwnerIP([out, retval] long* pVal);
HRESULT OwnerProperty([in] BSTR pPropertyName, [out, retval] VARIANT* pVal);
HRESULT OwnerStatus([in] BSTR pStatusCLSID, [in] long pServiceID, [out, retval] BSTR* pStatus);
HRESULT OwnerStatusDescription([in] BSTR pStatusCLSID, [in] long pServiceID, [out, retval] BSTR* pStatusDesc);
HRESULT OwnerSessionKey([out, retval] unsigned long* pVal);
HRESULT UserType([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserHandle([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserFirstName([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserLastName([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserNickName([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserBirthDate([in] BSTR pUIN, [out, retval] DATE* pVal);
HRESULT UserCountry([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserCountryCode([in] BSTR pUIN, [out, retval] VARIANT* pVal);
HRESULT UserGender([in] BSTR pUIN, [out, retval] BSTR* pVal);
HRESULT UserIP([in] BSTR pUIN, [out, retval] long* pVal);
HRESULT UserProperty([in] BSTR pUIN, [in] BSTR pPropertyName, [out, retval] VARIANT* pVal);
HRESULT UserStatus([in] BSTR pUIN, [in] BSTR pStatusCLSID, [in] long pServiceID, [out, retval] BSTR* pStatus);
HRESULT UserStatusDescription([in] BSTR pUIN, [in] BSTR pStatusCLSID, [in] long pServiceID, [out, retval] BSTR* pStatusDesc);
HRESULT GetNumOfUsers([in] BSTR pType, [out, retval] long* pVal);
HRESULT GetContactListUINs([in] BSTR pType, [out, retval] VARIANT* pVal);
HRESULT SetLicenseKey([in] BSTR pName, [in] BSTR pPassword, [in] BSTR pLicenseKey);
HRESULT NumberOfEventsWaiting([in] BSTR pUIN, [out, retval] long* pVal);
HRESULT ActivateDialog([in] BSTR bsUIN, [in] BSTR bsClsId, [in] long iServiceId, [in] VARIANT varParameterNames, [in] VARIANT varParameterValues);
HRESULT OpenWaitingEvent([in] BSTR pUIN);
I tried to create following VBScript file that would be able to deal with
such interface:
set obj = CreateObject("ICQAutomation.MIICQAutomation")
obj.OpenICQ
It did NOT work. The object creation is ok, but accessing any methods or
properties results in nonspecified error. It's mystirious. I spent huge
time while exploring and analysing different ways that could work. It did
NOT work. When I tried to find some documentation I figured out that NOBODY
knows about it. Try it! Open www.google.com and type "ICQAutomation". On
whole Internet there does NOT exist anything info about this interface.
De facto it's only ICQ developers, me and now you who knows it. If you will
find any way how to make the VBScript code working, I will be very grateful
to you if you will send me a mail (benny@post.cz) about it.
2. Accessing data from ICQ website
This model is theoretical for now, but I think there's no problem at this.
On ICQ website (www.icq.com) there is whole database accessible to anyone,
without any limitations. All you have to do is send HTTP request to search
engine and you will recieve an HTML document (you have to extract wanted
datas from it then). You can get not only e-mail addresses of all users
the malware could spread to, but also all private datas that can be used
to create an impressive electronic messages, where some text would differ
on base of each person's datas.
Virus/worm manipulating with datas of ICQ users has imho real chance to
become a serious treat. Even I personaly dislike malware code spreading
and I don't spread my creations to the wild, I find this idea at least
a bit interesting.
................................
.
. Feb 19 2003 Benny/29A
. benny@post.cz
.
... searching for perfection ...