Ah, thanks. Yup, the ICQ thing with the witty worm was the second of the two exploits I knew about.

I researched it and discovered that the only way to get infected is if you're actually communicating with ICQ traffic via that port, and BlackIce is using its ICQ-specific filter to scan the contents of that traffic. Since the ICQ ports are locked out on the servers in question and there is no ICQ traffic getting in or out, we were never at risk even when unpatched.

It did give me a moment's panic when I first read about it, though.