GEN:SID 1:1832
Message CHAT ICQ forced user addition
Summary This event is generated when activity relating to network chat clients is detected.
Impact Policy Violation. Use of chat clients to communicate with unkown
external sources may be against the policy of many organizations.
Detailed Information Instant Messaging (IM) and other chat related client software can allow
users to transfer files directly between hosts. This can allow malicious
users to circumvent the protection offered by a network firewall.

Vulnerabilities in these clients may also allow remote attackers to gain
unauthorized access to a host. This events indicates that an attempt has
been made to add a user to the contact list of Mirabilis' ICQ client via
a specially crafted URI on a website.

Certain versions of Mirabilis' ICQ client do not require user
intervention before adding another ICQ user to the contact list. It is
possible for a client to be added to the contact list via a specially
crafted URI without the user's knowledge.
Affected Systems  
Attack Scenarios An attacker might utilize this vulnerability in the ICQ client to gain
access to a host, then upload a Trojan Horse program to gain control of
that host.
Ease of Attack Simple.
Corrective Action Disallow the use of IM clients on the protected network and enforce or
implement an organization wide policy on the use of IM clients.
Additional References  
Rule References bugtraq: 3226
cve: 2001-1305