GoFuckYourself.com - Adult Webmaster Forum - Strange icq message asking me to verify

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)

- Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)

- - Strange icq message asking me to verify (https://gfy.com/showthread.php?t=1100395)

Chris

02-19-2013 08:34 AM

Strange icq message asking me to verify

Anyone ever get this before? i've googled it and people say it is an old outdated thing with icq but im always being sent random links to click from people so very wary of what I click

but never seen this before

http://cl.ly/N1Gp/Screen%20Shot%2020...34.44%20AM.png

Dirty F

02-19-2013 08:36 AM

Sounds legit.

Feng-PD

02-19-2013 08:43 AM

yea i had that too... but the domain is on icq.com... so dunno.

seeandsee

02-19-2013 08:47 AM

dont click it :)

Colmike9

02-19-2013 08:54 AM

If you don't know the person, just ignore it. You can use validate.icq.com to easily run cross site scripting and inject malware/etc. Plus even if it was legit, validation hasn't worked since 07ish..

brassmonkey

02-19-2013 09:07 AM

Quote:

Originally Posted by Chris (Post 19488673)

click it and some 3rd world asshole will be having christmas in february :helpme :2 cents: :1orglaugh

Chris

02-19-2013 09:07 AM

damn this is odd
i just got TWO more of these

http://cl.ly/N1U8/Screen%20Shot%2020...09.47%20AM.png

Colmike9

02-19-2013 09:10 AM

Code:

Description:

------------

ICQ suffers from a persistent Cross-Site Scripting vulnerability due to a lack

of input validation and output sanitization of the profile entries.

 

Proof of Concept:

-----------------

The following Javascript payload can be used as profile entries to trigger

the described vulnerability:

 

--- SNIP ---

 

"><iframe src=z onload=alert('xss_p0wer_lol') <

 

--- SNIP ---

 

For a PoC demonstration see:

    - http://www.noptrix.net/tmp/icq_cli_xss.png

 

Impact:

-------

An attacker could trivially hijack session IDs of remote users and leverage the

vulnerability to increase the attack vector to the underlying software and

operating system of the victim.

 

Threat Level:

-------------

High

itto	02-19-2013 09:23 AM

http://i.imgur.com/TgbsRwk.jpg

.

Evil Chris

02-19-2013 09:38 AM

You better click it. Or something bad might happen.

Hey I just saw a UFO.

_Richard_

02-19-2013 09:50 AM

got it this morning as well.. first link was broken, second was a verify via captcha

Dirty F

02-19-2013 09:52 AM

I clicked it! It's fine!
It loaded a virus scanner which said i had a virus and i simply had to pay 100 dollars to get rid of it.
If i did not click it if would not have found out!

Tom_PM

02-19-2013 10:04 AM

"Prince Jaxxon Mkumbe" is in charge of that now? lol okee doke :)

My Fucking Traffic

02-19-2013 11:05 AM

I got it too, I clicked it and was asked for verification via captcha. I stopped there.

EliteWebmaster

02-19-2013 11:09 AM

These 3rd world scumbags are not even that bright. Just look at the user name "barmalei" and "Prince shithead", like anyone on ICQ would have stupid names like that for an Official update.

Klen	02-19-2013 11:13 AM

Quote:

Originally Posted by EliteWebmaster (Post 19488994)

These 3rd world scumbags are not even that bright. Just look at the user name "barmalei" and "Prince shithead", like anyone on ICQ would have stupid names like that for an Official update.

Plus official updates are never done that way,it is done by system notification.

Chris

02-19-2013 01:03 PM

Quote:

Originally Posted by EliteWebmaster (Post 19488994)

These 3rd world scumbags are not even that bright. Just look at the user name "barmalei" and "Prince shithead", like anyone on ICQ would have stupid names like that for an Official update.

All the people i got the message from are people i have talked to already and helped with issues

alot of people got this today for some reason

All times are GMT -7. The time now is 08:11 AM.