A hacker using a Trojan Horse disguised as a JPEG file has gained access to a small number of ICQ passwords, an America Online official has revealed.
Only about 200 ICQ passwords have been compromised out of a subscriber base of more than 40 million people, according to Regina Lewis, a spokeswoman for the ICQ messaging service, which is owned by AOL.
However, ICQ will issue new passwords to those people within 24 hours, Lewis said. New passwords can also be obtained by e-mailing ICQ at firstname.lastname@example.org, she added.
Access to the passwords was gained when ICQ subscribers received an e-mail with an attachment for an executable file. When the attachment was launched, the ICQ password was automatically exposed. The hacker used e-mail addresses picked up from commonly-available ICQ directories and message boards, Lewis said.
"It's pretty straightforward e-mail hacking," Lewis said. "It's password fishing."
Lewis recommended that subscribers do not open attachments in e-mails from unknown sources.
The origin of the Trojan Horse, which is a malicious program masquerading as a benign application, had not been traced by late yesterday, although efforts were still underway to find the source, according to Lewis.