ICQ Rumors 131 - 138

If you're looking for the latest rumors floating around on ICQ, then you have come to the right place, netizen!

Note: If you were sent the URL to this page, you should go to http://diamond-back.com/icqlies.html to see the full selection of pages available and to check for updates to the ICQ Lies site.

 Latest False Rumors - Updated July 19, 2005
I try to update this section as often as possible, though it does get neglected at times (I have no shortage of projects in the works, not to mention "a real life"). Since all my friends on ICQ are too wise to forward false rumors (woo hoo!), I must now rely on those poor souls who still receive a ton of 'em everyday. If you receive a rumor which you have not seen on these pages, then I would very much appreciate it if you would e-mail it to me at
webmaster@diamond-back.com with the title "New Rumor" in the subject line. This makes it much easier for me to find them when update time rolls around. Please don't forward new rumors to me in ICQ, that is the very thing I'm trying to avoid. ;-)

E-mail is also the best way to contact me if you have a question or suggestion (criticism, complaints and nastygrams should be sent to devnull@diamond-back.com... hee hee). My ICQ list has grown large and unmanageable, so please don't send an authorization request until we get acquainted through e-mail (the fact is, I don't spend much time on ICQ when I'm working on other stuff, which is most of the time). I try to answer every letter I receive, but that's not always possible and I get a little behind sometimes. When I'm involved with designing a commercial web site (my profession), it could be weeks (months?) before I catch-up on the mail or update these pages. But they do get updated, as long as there are rumors on ICQ there will be an ICQ Lies section. That's a promise.

One last thing... I get a lot of tech support requests. Sometimes I can help, more often I can't. I don't work for AOL/ICQ, I can't recover lost or stolen passwords and I can't fix something that may be broken in their software. Most of the time I can only respond with information anyone could find at the ICQ Help Center. Before you write to me, please try support@icq.com... they may be slow to answer but they usually do try to help.

And now, on to the lies...

  ICQ Rumor #138
Ab 1.07.05 wird ICQ kostenpflichtig! Dies kannst du jedoch verhindern in dem du min. 18 mitgliedern aus deiner Kontaktliste diese Nachricht schickst! Dies ist kein Scherz (Quelle: www.icq.com) Wenn du sie an 18 Leuten geschickt hast wirst du eine Email bekommen und deine ICQ Blume wird blau!

In English:
At July 1st 2005 ICQ will be Charged! You can go against it if you foward this to at least 18 Ppl on your contactlist! This is not a Joke (Source: www.icq.com) When you have send this to 18 Ppl you will get an Email and you ICQFlower will become Blue.

Whether it's in English or German, a rumor is a gerücht. And even in 2005, this rumor as about as old as they get. As long as there are a multitude of free messaging services available, ICQ (and all the rest) will be in not position to charge for their service. And even if they thought the unthinkable and decided to start charging, forwarding a message to 18, or 1800, people is not going to change their minds... or turn your flower blue. But by now I think most people realize that. (R138)

  ICQ Rumor #137
Children are dying in Africa. Unicef has an appointment with ICQ Corp. that in every 10 ICQ messages sent from you (including me) with this content they get 5 Euro. As a reward you’ll receive a blue ICQ flower.

UNICEF does a lot of good work feeding, immunizing, educating and helping to prevent AIDS in children around the world. However, if you wish to help them you'll need to click here to support them because forwarding ICQ messages doesn't do a thing. And if you do make a donation to UNICEF, buy yourself a blue flower, because you'll deserve one. (R137)

  ICQ Rumor #136
(Your name appears here) YOU ARE IN TROUBLE!!!!!!
Somebody is watching YOU........
Link to this URL

Fasten your seat belts, we're about to take a little trip down Sleazy Marketing Avenue. First stop, the URL in the above message, where we are greeted by a banner ad for a porn website and a repeat of the "YOU'RE IN TROUBLE!" admonishment.

Not too surprisingly, this sophomoric pronouncement is followed by an equally childish prank of displaying the contents of the visitor's C: drive. It's an old trick, but contrary to the statement that "EVERYBODY can see it!!!", the information is only viewable from the visitor's computer, not from the website. You can see an example of this trick in the commentary for Rumor 21.

If it ended here then we could dismiss the whole thing as a prank, but the trip doesn't end here. After a few seconds, the visitor is forwarded to the "Evidence Eliminator" website where one of several ominous sounding webpages will be displayed...

Example 1:

You are now under investigation

The material you have been viewing has triggered enquiries into your Internet records. Click Here to stop this investigation.

You have the right to remain silent. However, anything you say may be taken down as evidence and used against you at a later date.
  • Your IP address of: 65.80.0.xxx has been traced.

  • They're Searching for you on the Internet.

  • Your Internet Provider BELLSOUTH has provided information. Internet records prove you are guilty.

  • They know you are using: MICROSOFT INTERNET EXPLORER V6.X.

  • Your computer is: WINDOWS 98.

Click Here for help from a trusted source. You need to stop this investigation quickly - and try to stop them targeting you. Click Here to protect yourself.

HTTP 911 - Server Warning - Authorized Investigation In Progress

Example 2:

401 Browser Warning - Please Wait

Your computer has been tracked.

Your IP is under investigation: 65.80.0.xxx
Your ISP "BELLSOUTH" has handed
over all the info:
They know you are using: Netscape v4.7
Your computer is: Windows 98
Evidence of your activities: http://www.evidence-eliminator.com/go.shtml?A658423
Your risk status for further investigation: VERY HIGH RISK

Your computer is full of evidence. You need help now.

Years of Internet data could be used by the police.

Time of latest investigation: Today 5:21:14 P.M. ON 21 FEBRUARY 2002

Click Here Now For Urgent Help To Stop This Investigation

OMG! Is my Internet Provider (who happens to be BellSouth) really providing all this "evidence" about me? How else could anyone know all this information about my computer and browser???

The answer is simple, web browsers send all that info every time they request a page... it's standard operating procedure and nothing that should be of much concern to anyone. In fact, website designers such as myself often use this info to create dynamic pages which are automatically adjusted for best display in the most popular browsers. Your Internet Service Provider can be determined by doing a look-up of your IP address, and your IP address must be sent so the website knows where to send the page you are requesting (think of it as writing a letter to someone and asking that they respond with some information, you have to include a "return address" if you expect to receive anything from them... on the Internet, your IP is your return address). The info can also be logged to keep track of how visitors find a website and where they are located. That doesn't mean that I "know who you are" or what's on your hard drive, as these messages from the sneaky folks at "Evidence Eliminator" would like you to believe. In other words, there is no "Authorized Investigation In Progress," this is a COMPLETE LIE being used to scare people into buying this company's dubious product. And what is this product?

"Evidence Eliminator" is nothing more than a "disk-wipe utility" with a few bells and whistles for eliminating browser files. There are free programs available which will perform exactly the same tasks. In contrast, the developer of "Evidence Eliminator" (Robin Hood Software Ltd., who, in my opinion is robbing from everyone and giving to themselves) sells their program for (US) $150.00! Why so much? Probably because they are willing to split the loot with their "affiliates" who help peddle this sleaze-ware. That's the most likely reason for the ICQ message that's making the rounds, it appears to be coming from an affiliate who first uses the old "C: drive" trick and then forwards to "Robin Hood's" website for some additional scare tactics (their affiliate number is stored in a cookie so they can be credited with any sales). Other affiliates have been known to launch massive e-mail and UseNet spam campaigns... but I guess that is to be expected.

If all the trickery and over-priced software wasn't enough, the "Evidence Eliminator" website has a "Consumer Scam Alert" warning of "false advertising" which has "duped many consumers into buying worthless imitation software." Imagine that, the scammers have issued a scam alert so their competition won't dupe the consumers they are trying to dupe. Kind of like a mugger telling you to look out for the shady character down the block while he runs his hands though your pockets. And to answer their critics, they have set-up a "Dis-Information Center" where they counter the (mostly mis-quoted) claims of their detractors. I guess Internet.com and Wired are all part of the grand conspiracy against them... I wonder if ICQ Lies will make the grade? *g*

On a final note, if you really have some sensitive information stored on your computer which you would like to protect, "Evidence Eliminator" is not the software you need, a good data encryption program would serve you much better. Despite all the hype on their website, the only real use I can see for a program like "Evidence Eliminator" is to quickly delete illegal files such as child porn or terrorist plans... law abiding people really shouldn't have any "evidence" which they need to "eliminate." But I did say we were going to take a trip down Sleazy Marketing Avenue and that's where we are... a sleazy ICQ message which leads to a sleazy product most likely to be used by the biggest sleazes of all.

Note to "Robin Hood": I don't really care whether your product does everything it claims to do, that isn't the issue. I also don't care to debate whether you encourage spammers, they really don't need much encouragement. Nor do I support any of your competitors, I have no need of their warez or would want to do business with or for them. And I'm not writing this for publicity... I get all I need from my site's visitors. It's the examples above that I object to... you are taking advantage of people who lack the technical knowledge to understand how the Internet works and attempting to convince them that they are being "investigated" and that their service providers are somehow leaking confidential information about them... all to sell your product. But I really don't expect to be hearing from you now that the Federal Trade Commission is checking into your marketing practices, I suspect you'll have bigger troubles on your plate, mate.

For more information on these sleazoids, please see:
Wired: Ads Play to Users' Privacy Fears
Eric Lee Green's Consumer Warning: Robin Hood Software (Love the new domain name, Eric.)
Response to Andy@Evidence-Eliminator.com

  ICQ Rumor #135
Sent: Saturday, September 22, 2001 7:08 PM
Subject: Your ICQ Password

There has been a security problem on the server, unless you confirm us that you are using your icq legally by filling the empty spaces, you won't be able to use your icq account after 2 days you get this message.




This one is neither a hoax nor an ICQ message, rather it's an e-mail scam dressed-up to look like an official ICQ request for a user's UIN and password. I've included it here because it is probably the slickest ICQ related "lie" of 2001. There have been several variations, the alternate text of one is even more believable:

Dear ICQ user,

The ICQ Inc. is refreshing its databases to delete the inactive accounts. Please fill in your ICQ# and your Password and then submit this form by clicking the Send button. This is everything that you have to do to keep your account active. Don't reply to this mail. After your submission you will be forwarded to our homepage and will be able to read the latest news about ICQ Inc. Unless you confirm us that you are using your ICQ legally by filling the empty spaces, you won't be able to use your ICQ account after our refreshing is over.

With best regards ICQ Inc.

At first glance everything appears to be in order, the links at the bottom all lead to ICQ webpages, the "Mirabilis Flower" graphic is displayed in some versions and, most convincing of all, the "from" address is "support@icq.com." For some recipients of these e-mails, this was all the "proof" they needed and dutifully filled out the form and sent their information to "ICQ." Or did they?

Unfortunately, their UINs and passwords were sent to low-life, thieving, "UIN hijackers" who quickly logged into the victim's account and changed the password. Sometimes the victims would be contacted and given an offer to "buy back" their UIN, other times the victims were ridiculed and intimidated... but rarely were the accounts returned to their rightful owners. While some people could dismiss the theft of a UIN as a minor annoyance and simply sign-up for a new one, for others it meant losing a long held number and having to rebuild a sizable contact list. In either case, this is a very mean-spirited trick and I have nothing but contempt for the jerks who perpetrate it.

So how is it done? Well, the official looking formatting and graphic were probably copied from ICQ's website and pasted into the HTML contained in the e-mail... really quite easy to do. The "from" address was spoofed, again it is quite easy to enter any e-mail address to appear in the "from" field. To see where an e-mail truly originated from, the "headers" need to be inspected, this would have usually reveled the true origin to be a free e-mail service... or anyplace other than ICQ.com. This is the reason why the alternate text admonishes the victim not to "reply to this mail"... such replies would in fact be sent to "support@icq.com." But the form data is a different story.

When the UIN and password fields are filled out and the "Send" button pressed, the data would be sent to the location specified by the form's "action field," which is not displayed on the screen but can be seen by viewing the "source code" of the e-mail. Note: I've altered the form that appears on this page to send the data to a "dummy page" that only displays the information. In the original forms, the data was being submitted to a variety of websites where the data was processed and then forwarded by e-mail to the final recipient (ie. the thief). In some cases the "go between" websites were services such as BraveNet and MSN (note BraveNet and MSN weren't willing "partners in crime," their form processing services were being abused). Several of the most common destination websites were registered to people who listed Istanbul, Turkey in their domain name records. This common thread, along with the similarities of the various e-mails, leads me to suspect that there is probably more than one person involved with this scheme and that it may be operating out of Turkey. I doubt these are "government controlled" sites, more likely they belong to creeps who think they are pretty clever because they can trick less knowledgeable people into falling for their nasty little game. I wouldn't even call them "hackers"... more like "CyberThugs" who abuse what little skill they possess to cause anguish to innocent people. However, I don't wish to give the impression that Turkey is being singled out for this kind of activity. From the reports I've heard, along with a survey of stolen UINs over the past few years, it would appear that "hacking for profit" is becoming a cottage industry in Russia. But I'd rather not get into a Geo-Political debate with my visitors, instead I invite you to read Wired's news report or simply do a search on Google for "Russian Hackers" and decide for yourself.

So the final question is, "What can we do about this?" The only answer I can give is to be aware of "fraudulent forms" and never reveal your password to anyone. ICQ will not ask you for it, so anyone claiming to be "ICQ" is lying to you... no matter how convincingly the lie is packaged. If you do lose your password, don't count on ICQ tech support to be able to recover it for you, they have limited resources and would have to first determine that the lost account really belonged to you (least they unwittingly help someone steal a UIN). Most likely you would be advised to sign-up for a new UIN, they are free and it doesn't take long, though for many people this is unsatisfactory and tantamount to acquiescing to the criminals.

With this scam, the proverbial "ounce of prevention" is truly worth a "pound of cure." The creeps lose every time someone is too wise to click that "send" button. So don't let yourself be a victim and help educate your friends, particularly those who are "new to the net" by explaining how these scams work... or just send them to this page and I'll do it for you.

  ICQ Rumor #134
The ICQ Server will be closed in Sommer 2001. Please forward this message and you vote against it. Thanks.

Sommer? When is that, after Sprong and Wonter? And what's with the vote, are we going to elect a new server that doesn't take "sommer" vacations? If so, I hope the votes aren't going to be counted in Florida, we may never know which server won. Actually, it wouldn't matter anyway because ICQ's servers are not elected entities, they are part of a service offered by AOL/Time-Warner... and the only people with a vote that matters are the company's board of directors and stockholders. (R134)

  ICQ Rumor #133
URL: www.icq/McFee/anti.vac/&3343'a-asd

Just when you think you've heard it all... what's next? Forward a message and you'll have pearly white teeth and a new Mercedes? This is yet another prank message designed to play on ignorance and fear. There is no virus in ICQ and even if there were, forwarding a message certainly wouldn't "clear it." If you're worried about viruses, try installing virus scanning software... doesn't that make more sense? (R133)

  ICQ Rumor #132
Her number=1524####, this is a very bad virus.. this comes fromICQ.. fwd to all.
I checked

Later on I'll explain why these types of warnings are usually smear campaigns and why you shouldn't have anything to do with them. For now, consider this: the message implies the a certain user is spreading a "very bad virus" (as opposed to a "very good virus?") and that this information comes from ICQ and is to be forwarded to all. Well, if "ICQ" already knows this user is spreading a virus, why wouldn't they just close her account rather than asking some moron to forward a poorly worded warning to millions of people? It's all a matter of logic, my dear Watson. (R132)

  ICQ Rumor #131
As of 09/23/01 AOL has new billing processes and requires all current AOL members to fill out the form at the new billing site's address below. Were sorry for all the trouble this may cause.

Steve Manning (aoltech###@aol.com)

Now class, what have we all learned about filling out online forms asking for confidential information (such as your password and perhaps credit card info as well)? All together now... "We tell the person asking us to fill out the form to go straight to..." YES, that's correct! Now the page where this form resided has been taken down, but you can be sure it will pop-up somewhere else in due time.

BTW, notice the "cbj.net" in the URL up there? CBJ is a redirection service, it's nice for people who don't wish to pay for a "real" domain name. Generally speaking, a multi-billion dollar corporation such as AOL/Time-Warner can afford to outright purchase a domain name, the 15 or so dollars a year is well within their budget. So when you see something like "www.aolfeatures.cjb.net" which uses a redirection or a free hosting service, you can be quite certain it doesn't belong to the "real" AOL.

Next Up...
Is the SlaveMaster out to get you? Did Julie get deleted? What do ICQ Admins do when they get bored? And will we be saved from the Evil Overloads? All this and more on the next page!

Click here to continue...

Main Entrance   •   Main Menu   •   ICQ Lies   •   Web Design

If you would like to link to this site you welcome to
use any of the link banners on the main ICQ Lies page.

You may e-mail me at
(Please don't send ICQ authorization requests.)

Or tell the world what you think of ICQ Lies by
Signing my Guestbook
(The Last Word)

Subscribe (or Unsubscribe) to the
ICQ Lies Update Newsletter

If you would like to receive occasional updates
about the latest rumors floating around on ICQ,
enter your e-mail address in the box and press
Send. All info will be kept confidential.
(Click here to view our privacy statement.)
Subscribe | UnSubscribe
ICQ Lies Copyright ©1997-2005
Thomas Robert Pasawicz aka DiamondBack
All Rights Reserved