Moderator:

I sent the following email to bugtraq last week. Haven't seen it on the list, but it came to my attention that even more accounts were hijacked this way.

I'm also sending this to incidents, because I think that maybe some administrators are receiving similar complaints from their users and could (perhaps) block the XSS pages somehow.

-------- Original Message --------
From: Rafael Coninck Teigao <rafaelat_private>
Subject: XSS on ICQ leading to password compromise
To: SecurityFocus - Bugtraq <bugtraqat_private>
CC: horvathat_private, ahiat_private, nbsoat_private

Hello, pp.

I've tried to find some representative from the ICQ technical staff but had no success so far.

Anyway, here's what's happening:

A friend of mine got the following address on his ICQ from a friend on his contact list:

http://web.icq.com/login/login_page/1,,err_sys_busy,00.html?karma_err_msg=