DAILY BRIEF Number: DOB02-040 Date: 16 April 2002 NEWS
OCIPEP Advisory Posted - W32/MYLIFE VIRUS - Multiple New Variants OCIPEP has posted Advisory AV02-019 regarding multiple new variants of the W32/MyLife virus that have been released in the wild and are beginning to spread. The worm variants have been reported in Europe. OCIPEP has not received any reports of the variants being detected in Canadian systems. Comment: For more information on the Advisory, go to: www.ocipep-bpiepc.gc.ca/emergencies/advisories/AV02-019_e.html TransCanada Pipeline Explosion - OCIPEP Update Further to the TransCanada pipeline explosion in Manitoba cited yesterday, TransCanada PipeLine customers did not experience an interruption in natural gas service and railway services resumed the following morning. There were no injuries reported, due to the explosion, and most of the evacuated people returned to their homes the next day. The cause of the fire is still unknown. Comment: For more information on this incident, click on the Incident Mapping button at the top of the Daily Brief or go to: http://www.ocipep-bpiepc.gc.ca/DOB/incidents/index_e.html Detroit and Rouge Rivers Oil Spill - OCIPEP Update Further to yesterday's Brief, the massive oil spill on the Detroit and Rouge Rivers, that originated in Michigan, has now spread over more than 43 kilometres of Canadian and American shoreline. Comment: For more information on this incident, click on the Incident Mapping button at the top of the Daily Brief or go to: http://www.ocipep-bpiepc.gc.ca/DOB/incidents/index_e.html Public Safety Ministry Reflects Ontario Government's Law-and-Order Agenda In the wake of last year's terrorist attacks in the U.S., Ontario's Premier Ernie Eves has established a new provincial ministry tasked with overseeing public security. One of the first orders of business will be the security auditing of nuclear power plants and infrastructure that could be targeted by terrorists. The ministry will also take responsibility for the provinces emergency measures, policing and border security. (Source: Canadian Press Newswire, 15 April 2002) www.theglobeandmail.com Comment: OCIPEP works closely with the provinces on critical infrastructure protection and emergency preparedness. IN BRIEF Wireless Phones, PDAs Give Vandals New Avenue of Attack Palm Pilots and cellular phones have the potential to become a fast growing route for computer infection and infrastructure threat. Last year, cellular phones in Japan were infected, prompting the phones to broadcast 911 calls, thereby gridlocking the emergency response system. (Source: Edmonton Journal, 16 April 2002) www.canada.com Virus Attacks Triple in the UK Companies in the United Kingdom suffer nearly three times as many computer infections as two years ago. Government research suggests that anti-virus software may no longer be enough to protect businesses. (Source: vnunet.com, 16 April 2002) http://webserv.vnunet.com/News Fish Guard The U.S. army monitors small fish in their drinking water for signs of contamination in a manner similar to the past use of canaries in coalmines. (Source: CNN.com, 14 April 2002) www.cnn.com CYBER UPDATES See: What's New for the latest Alerts, Advisories and Information Products Threats TrendMicro reports on Willie.a. Written in Advanced Business Application Programming Language (ABAP), it infects SAP R/3 programs and reports that do not contain its infection marker "SAPVirii". http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WILLIE.A Sophos Antivirus reports on WM97/Marker-KS, which is a corrupt, but viable, variant of WM97/Marker-C. Whenever an infected document is closed, the virus attempts to final transfer protocol (FTP) user information from MS Word to the Codebreaker's site. http://sophos.com/virusinfo/analyses/wm97markerks.html Vulnerabilities SecurityFocus reports on vulnerabilities in two components of InterNetNews (INN). Inews and rnews are susceptible to locally exploitable format string problems that would allow a local attacker to gain elevated privileges. No patch is available as of yet. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4501 SecurityFocus reports on vulnerabilities in IRIX. It may be possible for a local user to force the mail program to core dump. This problem is likely due to a buffer overflow, which could lead to a local privilege elevation. View the "solutions" tab for details. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4499 SecurityFocus reports on vulnerabilities in SQL queries executed by IBM Informix Web Datablade, which decode HTML encoded input and make it possible for a developer to inadvertently create insecure applications. No patch is available as of yet. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4498 SecurityFocus reports on a buffer overflow condition in IBM Tivoli Storage Manager Client Acceptor, which does not perform adequate bounds checking and makes it possible to remotely execute arbitrary code. View the "solutions" tab for details. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4492 SecurityFocus reports on a buffer overflow condition in the OpenUnix X11 library, which makes it possible for a local attacker to gain elevated privileges and execute code. View the "solutions" tab for details. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4502 SecurityFocus reports on a vulnerability in OpenBSD, which may allow a local attacker to execute commands as root. It is possible for an attacker to embed data in filenames, which are included in emails. View the "solutions" tab for details. http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=discussion&id= 4495 Tools IBM Web services toolkit WSTK 3.1 http://www.theregister.co.uk/content/55/24843.html For more information, go to: http://www.alphaworks.ibm.com CONTACT US For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to: Email: [EMAIL PROTECTED] For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at: Phone: (613) 991-7000 Fax: (613) 996-0995 Secure Fax: (613) 991-7094 Email: [EMAIL PROTECTED] For general information, please contact OCIPEP’s Communications Division at: Phone: (613) 991-7066 or 1-800-830-3118 Fax: (613) 998-9589 Email: [EMAIL PROTECTED] Web Site: www.ocipep-bpiepc.gc.ca Disclaimer The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links. IWS INFOCON Mailing List @ IWS - The Information Warfare Site http://www.iwar.org.uk