OCIPEP DAILY BRIEF
Number: DOB02-180
Date: 05 November 2002
http://www.ocipep.gc.ca/DOB/DOB02-180_e.html

NEWS

Ottawa contributes to the funding of St. John's harbour cleanup

The Prime Minister delivered $31 million to the province of Newfoundland yesterday as part of the federal government contribution to clean up St. John's harbour. According to reports, the three neighbouring municipalities dump more than 120 million litres of raw sewage into the harbour every day, making it one of Canada's dirtiest harbours. (Source: stjohns.cbc.ca, 4 November 2002)

OCIPEP Comment: Further to a report in OCIPEP Daily Brief DOB02-160 released 7 October 2002, this contribution comes from the federal government's $2-billion Strategic Infrastructure Fund. The total cost of cleaning up St. John's harbour is $93-million. Provincial and municipal governments will provide the remaining $62 million.

New e-mail worm spreading

According to reports, computers running Microsoft Windows operating systems are susceptible to a new e-mail worm capable of scattering a variant of the FunLove virus. The new worm, called W32/Braid.A or I-Worm.Bridex, is presently circulating on the Internet, spreading through attachments named README.EXE linked to untitled e-mail messages. British company MessageLabs warns that Braid.A shares some attributes of the widely spread Klez family of viruses. (Source: infoworld.com; news.com, 4 November 2002)

OCIPEP Comment: Look for e-mails matching the description above, for the files created by Braid in the Windows System directory, and for the Windows registry key created by the worm. Also look for a process called "Bride" in the Windows Task Manager window on Windows NT, Windows 2000 and Windows XP computers. A sudden crash and/or restart of the computer after opening an attachment may also indicate a Braid infection. Several anti-virus software programs currently provide protection against this new malicious code. Other anti-virus software may detect Braid heuristically.
A patch is available from Microsoft at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp.

Alaska earthquake - Update

Damage to the Alaska crude oil pipeline was still being evaluated on Monday. It is expected that the Trans-Alaska pipeline will be shut down until Tuesday afternoon, or a minimum of 48 hours from when it was shut on Sunday after an earthquake, according to U.S. Department of Transportation officials. No leaks have been reported along the length of the pipeline. While no damage to the pipeline itself was detected in the early hours after the quake, there was damage to "H-supports" used to support the aboveground portion of the pipeline. The shutdown was not expected to affect oil supply, as a reserve is stored in tanks at the port of Valdez. U.S. Department of Transportation crews were also busy repairing cracks on roads. According to the U.S. Geological Survey, the quake was the most severe in the U.S. since the 1906 San Francisco earthquake. (Source: msnbc.com; news.yahoo.com, 4 November 2002)

IN BRIEF

Water restriction may be imposed for Vancouver area

Because of several dry months, severe water restrictions may be imposed on the Lower Mainland. Water levels from the Capilano and Seymour systems, which supply water to approximately two-thirds of the Lower Mainland's population, are down to 29 percent and are dropping steadily. (Source: cbc.ca, 1 November 2002)

U.S. should fund and test Internet security - Richard Clarke

According to Richard Clarke, Special Advisor to the President for Cyberspace Security, the U.S. government should fund and test Internet Engineering Task Force developments and initiatives to bolster the security of Internet communication.
(Source: nwfusion.com, 1 November 2002)

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

See: News - New e-mail worm spreading

Threats

McAfee reports on W32/Braid@MM, which is a memory-resident virus that spreads via e-mail. It closes Explorer and resides in memory as a process named Bride.
http://vil.nai.com/vil/content/v_99776.htm

Trend Micro reports on BAT_JUNBO.A, which is a destructive mass-mailing batch file that spreads via e-mail, IRC and the KaZaA peer-to-peer file-sharing network. The e-mail has the subject: "Hi!!!", and attachment: casper~1.AVI.bat
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_JUNBO.A

Trend Micro reports on WORM_PIBI.B, which is a worm that propagates via e-mail, IRC and the KaZaA peer-to-peer file-sharing network. The e-mail has the subject: "WindowsXP Service Release Pack 2.002" and the attachment: install.exe.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_PIBI.B

Symantec reports on Backdoor.Floodnet, which is a backdoor Trojan horse that gives an attacker unauthorized access on port 6969.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.floodnet.html

Vulnerabilities

Sun reports on a locally exploitable denial-of-service vulnerability in the Solaris 8 Kernel that may result in a system panic. Patches are available.
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48067

Additional vulnerabilities were reported in the following products:

PHP Nuke 5.6 SQL injection vulnerability.
(iDEFENCE) http://www.idefense.com/advisory/10.31.02c.txt

Xeneo 2.1.0.0 (PHP version) and 2.0.759.6 Web Server denial-of-service vulnerability.
(iDEFENCE) http://www.idefense.com/advisory/11.04.02b.txt

Pablo FTP Server 1.2, 1.3 and 1.5 denial-of-service vulnerability.
(iDEFENCE) http://www.idefense.com/advisory/11.04.02a.txt

ION P version 1.4 remote file retrieval vulnerability.
(SecuriTeam) http://www.securiteam.com/securitynews/6X0060U60O.html

NetScreen SSH1 CRC32 denial-of-service vulnerability.
(SecuriTeam) http://www.securiteam.com/securitynews/6W0050U60O.html

Jason Orcutt Prometheus v3, 4, 6 remote file include vulnerability.
(iDEFENCE) http://www.idefense.com/advisory/10.31.02b.txt

Linksys BEFSR41 Gozila.CGI denial-of-service vulnerability.
(iDEFENCE) http://www.idefense.com/advisory/10.31.02a.txt

Mozilla multiple versions multiple vulnerabilities.
(SecurityFocus)
http://online.securityfocus.com/bid/5766
http://online.securityfocus.com/bid/5762
http://online.securityfocus.com/bid/5759
http://online.securityfocus.com/bid/5757
http://online.securityfocus.com/bid/5694
http://online.securityfocus.com/bid/5665

Patches

New Apache packages are now available for Debian GNU/Linux.
(Debian) http://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00110.html

Tools

Samhain v1.6.3 is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts.
http://samhain.sourceforge.net

CONTACT US

To add or remove a name from the distribution list, or to modify existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP's Communications Division at:
Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users.
OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk