DAILY BRIEF Number: DOB02-031 Date: 03 April 2002 NEWS
FTC, Partners Pursuing Internet Fraud The Federal Trade Commission (FTC), with help from the FBI and several state and Canadian agencies, has brought 63 cases against Internet scams in the past six months. The initiative, called International Netforce, is intended to stop these activities, freeze assets and possibly press criminal charges against people and companies that commit the fraud. Cases investigated have included an alleged cure for an inoperable pancreatic cancer and those sending email promotions, such as pyramid or stock-investment schemes, have been warned to stop their operations. (Source: Computerworld.com, 2 April 2002) http://www.computerworld.com/ New Worm Emerges from Australia A worm emerging from Australia was first seen last month, but has been spreading quickly since April 1, according to anti-virus companies. My Life.scr is a mass-mailing virus with a destructive payload that sends itself to everyone in a recipient's Windows address book. When opened, the attachment "shows a picture (of a little girl covering her mouth with a rose), installs itself into Windows System folder as My Life.scr and adds its startup key to the Registry," according to anti-virus experts F-Secure. Once activated, the virus attempts to delete all folders on the C drive between the 50th and 59th minute of the hour. (Source: vnunet.com, 3 April 2002) http://www.vnunet.com/News/1130579 Comment: According to security firm iDefense, the latest My Life virus is a simple variant of other MyLife strains, but is able to evade filters specifically set to filter out known attachments of MyLife malicious code. Multiple variants have come out on the weekend, each with a different attachment name. Anti-virus systems should be updated frequently to block all the "copy cats". Great Lakes Clean-Up Planned A new Bush administration plan to protect and restore the Great Lakes will address serious problems such as sediment contamination, invasive species, loss of habitat and the production of fish unsafe for human consumption, according to the U.S. Environmental Protection Agency. At present, more than 30 million people, including 8.5 million Canadians, receive their drinking water from the Great Lakes. The lakes also provide water for power generation, support a $100-million commercial fishery industry and sustain a recreational fishing industry with revenues of more than $350 million for the Canadian economy. The Great Lakes U.S. Policy Committee, a partnership of senior environmental officials from federal, state and tribal agencies, created the strategy that will aim to improve fishstocks, restore or enhance wetlands and reduce the introduction of invasive species to the basin's ecosystem. (Source: The Toronto Star, 2 April 2002) http://www.thestar.com Comment: The Great Lakes basin is home to 45 percent of Canada's industries and provides the foundation for $150 billion in annual Canada/U.S. trade. Over the past six years, Canada has made significant progress in cleaning up, preventing and controlling pollution in the Great Lakes as well as conserving human health and the environment surrounding the Great Lakes. This progress can be attributed to several Remedial Action Plans and the Great Lakes Sustainability Fund (GLSF), which is a component of the Great Lakes Program's Great Lakes Basin 2020 Action Plan. The GLSF aims to significantly accelerate work to restore the environmental quality of 16 Canadian Areas of Concern (AOC), one of which is the Great Lakes. IN BRIEF Calgary Police Prepare for G8 Demonstrations In preparation for the June 2002 G8 Summit, Calgary police officers are studying laws related to protests and demonstrations, so that they will be ready to act accordingly in various situations. According to a Calgary police official, deciding when a demonstration stops being peaceful will be determined as events unfold, adding that "the incident commander is in the best position to adjudge what's going on." (Source: CBC News, 2 April 2002) http://cbc.ca/ U.S. Army Communications Vulnerable The military must take a more proactive approach to defending its critical information systems against cyberterrorist attacks, according to the director of the U.S. Army's information Operations Assurance Office. Noting that there were successful attacks against its critical systems during 2001, Dmuchowski says the Army's entire communications security infrastructure must be modernized. (Source: govexec.com, 2 April 2002) http://www.govexec.com/ Privacy Rights Group Questions National ID System The Electronic Privacy Information Center (EPIC), a privacy rights group in the U.S., has asked without success that the Office of Homeland Security divulge information behind proposals for a national identification system. EPIC believes that legislation will call for state drivers' license records to be linked to federal agency databases, and that Homeland Security Director Tom Ridge "has an obligation to the American people to ensure that these decisions are made in the open." (Source: Newsbytes, 2 April 2002) http://www.newsbytes.com/ CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats No updates to report at this time. Vulnerabilities The Register reports that the MS patch intended to fix a data binding flaw in IE, which enables a script to call executables on your Windows machine, does not work. http://www.theregus.com/content/4/24500.html SecurityFocus provides a report that, by default, MS Internet Explorer executes scripts from web sites in the Internet Zone. Due to a flaw in the way that Internet Explorer deals with cookies, it will execute any scripts embedded within a cookie in the Local Computer zone with the same privilege level as the currently logged in user. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4392 Comment: The flaw mentioned above has now been patched. For more information, go to: http://www.theregister.co.uk/content/4/24653.html SecurityFocus provides information on a bug that exists in the channel code of OpenSSH versions 2.0 though 3.0.2 allowing existing users to gain root privileges. http://online.securityfocus.com/advisories/4001 SecurityFocus provides a report on the following potential security vulnerabilities with Compaq Secure Web regarding PHP and Apache/mod_ssl http://online.securityfocus.com/advisories/4007 SecurityFocus provides a report on a security vulnerability on Virtualvault4.5, Apache 1.3.19 http://online.securityfocus.com/advisories/4008 SecuriTeam provides information concerning a security vulnerability found that would allow a local attacker to gain access to the user's pass phrase by analyzing the memory core dump caused by the crashing Outlook client. http://www.securiteam.com/windowsntfocus/5SP0Y0A6KM.html SecuriTeam reports on the following new Office XP security problems: 1. It is possible to embed active content (Object and Script) in HTML-based emails that will trigger if the user chooses to reply or forward the email. 2. A bug in Microsoft's Spreadsheet component allows saving of local files to anywhere on the user's hard drive and to control the content of that file. http://www.securiteam.com/windowsntfocus/5OP010A6UO.html The Register reports on a security hole in Win-NT and 2K that could enable an attacker to take control by exploiting a flaw in the debugging subsystem (SMSS). http://www.theregister.co.uk/content/4/24654.html Vnunet.com provides a report that a flaw in one of Cisco's computer telephony products could be exploited to allow a denial of service (DoS) attack. http://www.vnunet.com/News/1130562 Tools The following tools have been released: McAfee Internet Security 4.01 http://download.mcafee.com/updates/upgrade_patches.asp ZDNet News reports on an antivirus software that plugs worm holes http://zdnet.com.com/2100-1105-873411.html CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7066 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer OCIPEP publications are based on information obtained from a variety of sources. The organization makes every reasonable effort to ensure the accuracy, reliability, completeness and validity of the contents in its publications. However, it cannot guarantee the veracity of the information nor can it assume responsibility or liability for any consequences related to that information. It is recommended that OCIPEP publications be carefully considered within a proper context and in conjunction with information available from other sources, as appropriate. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk