From: Bill Stewart <bill.stewart@pobox.com>
Date: Thu, 11 Jun 1998 21:28:56 -0700 (PDT)
To: Bachrach <cypherpunks@toad.com
Subject: FWD: backdoor trojan in ICKill
In-Reply-To: <199806102100.XAA27780@basement.replay.com>
Message-ID: <3.0.5.32.19980611174656.008163d0@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:00 PM 6/10/98 +0200, a remailer user forwarded
a message From: Bachrach <bachrach@netreach.net>
about a major security backdoor in ICKill, a utility that
apparently augments or hangs around ICQ - it's a little-documented
feature designed into the system rather than a bug or unexpected behaviour.
More information is at
> http://members.tripod.com/~hakz/ICQ/index.html 
...
>My last question is this: if one person has backdoors into thousands of
>computer systems, doesn't that pose some sort of risk to the interent
>community as a whole? There's one person who's been saying that I should
>notify the FBI about this. As you can see  decided to start here first.

Don't tell the FBI - they'll just want to use it themselves.  :-!

Is there some way to locate and reach ICKill users directly?
Do they show up on ICQ in some useful manner?
(I don't use either of the products....)  Directly notifying them
could help the problem, or at least generate a number of
emails to the author who put the feature in there.

				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639