ICQ. Cool? Sure. Safe? No way!
ICQ is a cool toy. It allows people to know when you're online, to send you messages, to chat with you and to send you files. But it also allows someone who knows your e-mail address to discover your IP address!
The procedure is simple. Let's say I know your e-mail address and want to know more about you.
I'll search the ICQ database and discover your UID. Now, let's assume you are online. I can use my ICQ client to initiate a chat with you. Whether you accept it or not, I receive an acknowledgement (in the form "The user has accepted/the user has denied"). This acknowledgement contains your IP address! (Of course, I'll need more than the usual ICQ client - more about it in a second.) What did I gain? I know who your ISP is (and therefore where you're located exactly). And if I have your IP, I can use tools such as WinNuke to crash your computer remotely, or scan your computer for vulnerabilities.
What we know
The known problems in ICQ are frightening, but apparently not enough to make people stop using ICQ. We know everything you transmit via ICQ can be sniffed using the various ICQ sniffers around. This means everyone in your local network can see all your ICQ communication easily. It is also easy to impersonate other people and even hijack a conversation. Hijacking means that A is talking to B, and in the middle of the conversation C throws B out and continues talking to A while impersonating B; A thinks he's still talking to B and doesn't know the other party is C. ICQ hijackers can be easily found around the Internet, as well as ICQ bombers, nukers, etc.
What we don't know
We know ICQ has a file transfer mechanism. We also know it has an "interrupting message" feature. Does it have an "interrupting file transfer" mechanism where the user unknowingly receives files? The ICQ design certainly doesn't allow this to happen, but whether or not there's a way to exploit ICQ into doing file operations is as yet unknown.
Because of what we know and because of what we don't know about the security hazards in ICQ, many system administrators disallow ICQ communication by blocking it in the firewall or router. It is important to understand the implications of running ICQ in a protected network. There is an increasing number of stories about hackers penetrating users' computers through ICQ, and this means networks that have users running ICQ might not be safe.
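
For administrators who block ICQ at the firewall, the following added example (not part of the original article) audits a firewall log to list internal hosts attempting ICQ logins and to flag any whose traffic was allowed through. The service ports (UDP 4000 for classic ICQ clients, TCP 5190 for later ones), the log format and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumption (not from the article): classic ICQ clients log in over UDP/4000,
# later clients over TCP/5190. Adjust to match your environment.
ICQ_SERVICES = {("udp", 4000), ("tcp", 5190)}

# Constructed sample log in a made-up "action proto src:port -> dst:port" format.
SAMPLE_LOG = """\
DENY  udp 10.0.0.21:1042 -> 192.0.2.10:4000
ALLOW tcp 10.0.0.21:1050 -> 198.51.100.7:80
ALLOW udp 10.0.0.35:1027 -> 192.0.2.10:4000
ALLOW udp 10.0.0.35:1027 -> 192.0.2.10:4000
DENY  tcp 10.0.0.40:1100 -> 192.0.2.11:5190
garbage line the parser must skip
ALLOW udp 10.0.0.50:4000 -> 203.0.113.5:53
"""

LINE_RE = re.compile(
    r"^(?P<action>ALLOW|DENY)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def audit_icq_egress(log_text):
    """Return {src_ip: {"allowed": n, "denied": n}} for flows to ICQ service ports."""
    hosts = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not flow records
        # Match on destination port only: a source port of 4000 is not ICQ.
        if (m["proto"], int(m["dport"])) not in ICQ_SERVICES:
            continue
        key = "allowed" if m["action"] == "ALLOW" else "denied"
        hosts[m["src"]][key] += 1
    return dict(hosts)

def policy_gaps(report):
    """Hosts whose ICQ traffic got through, i.e. the block is not effective for them."""
    return sorted(ip for ip, c in report.items() if c["allowed"] > 0)

if __name__ == "__main__":
    report = audit_icq_egress(SAMPLE_LOG)
    for ip, counts in sorted(report.items()):
        print(ip, counts)
    print("block not effective for:", policy_gaps(report))
```

Hosts that appear only with denied flows are running ICQ but are contained by the block; hosts with allowed flows indicate a rule that does not cover them.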