OCIPEP DAILY BRIEF Number: DOB02-180 Date: 05 November 2002


Ottawa contributes to the funding of St. John's harbour cleanup
The Prime Minister delivered $31 million to the province of Newfoundland
yesterday as part of the federal government contribution to clean up St.
John's harbour. According to reports, the three neighbouring
municipalities dump more than 120 million litres of raw sewage into the
harbour every day making it one of Canada's dirtiest harbour. (Source:
stjohns.cbc.ca, 4 November 2002)
Click here for the source article

OCIPEP Comment: Further to a report in OCIPEP Daily Brief DOB02-160
released 7 October 2002, this contribution comes from the federal
government's $2-billion Strategic Infrastructure Fund. The total cost of
cleaning up St. John's harbour is $93-million. Provincial and municipal
governments will provide the remaining $62 million. 

New e-mail worm spreading
According to reports, computers running Microsoft windows operating
systems are susceptible to a new e-mail worm, capable of scattering a
variant of the FunLove virus. The new worm, called W32/Braid.A or
I-Worm.Bridex is presently circulating on the Internet, spreading
through attachments named README.EXE linked to untitled e-mail messages.
British company MessageLabs warns that Braid.A shares some attributes of
the widely spread Klez family of viruses. (Source: infoworld.com;
news.com, 4 November, 2002) 
Click here for the source article - 1
Click here for the source article - 2

OCIPEP Comment: Look for e-mails, as aforementioned, and the files
created by Braid in the Windows System directory and the Windows
registry key created by the worm. Also look for a process in the Windows
Task Manager Window called "Bride" in Windows NT, Windows 2000 and
Windows XP computers. A sudden crash and/or restart of the computer
after opening an attachment may also indicate an infection of Braid.
Several anti-virus software programs currently provide protection
against this new malicious code. Other anti-virus software may detect
Braid heuristically. 

A patch is available from Microsoft at:

Alaska earthquake - Update
Damage to the Alaska crude oil pipeline was still being evaluated on
Monday. It is expected that the Trans-Alaska pipeline will be shut down
until Tuesday afternoon, or a minimum of 48 hours from when it was shut
on Sunday after an earthquake, according to U.S. Department of
Transportation officials. No leaks have been reported along the length
of the pipeline. While no damage to the pipeline itself was detected in
the early hours after the quake, there was damage to "H-supports" used
to support the aboveground portion of the pipeline. The shutdown was not
expected to affect oil supply, as a reserve is stored in tanks at the
port of Valdez. U.S. Department of Transportation crews were also busy
repairing cracks on roads. According to the U.S. Geological Survey, the
quake was the most severe in the U.S. since the 1906 San Francisco
earthquake. (Source: msnbc.com; news.yahoo.com, 4 November 2002)
Click here for the source article - 1
Click here for the source article - 2



Water restriction may be imposed for Vancouver area
Because of several dry months, severe water restrictions may be imposed
on the Lower Mainland. Water levels from the Capilano and Seymour
systems, which supply water to approximately two-thirds of the lower
mainland's population, are down to 29 percent and are dropping steadily.
(Source: cbc.ca, 1 November 2002)
Click here for the source article

U.S. should fund and test Internet security - Richard Clarke
According to Richard Clarke, Special Advisor to the President for
Cyberspace Security, the U.S. government should fund and test Internet
Engineering Task Force developments and initiatives to bolster the
security of Internet communication. (Source: nwfusion.com, 1 November
Click here for the source article

See: What's New for the latest Alerts, Advisories and Information

See: News - New e-mail worm spreading


McAfee reports on W32/Braid@MM, which is memory-resident virus that
spreads via e-mail. It closes Explorer and resides in memory as process
named Bride.

Trend Micro report on BAT_JUNBO.A, which is a destructive mass-mailing
batch file spreads via e-mail, IRC and the KaZaA peer-to-peer,
file-sharing network. The e-mail has the subject: "Hi!!!", and
attachment: casper~1.AVI.bat

Trend Micro reports on WORM_PIBI.B, which is a worm that propagates via
e-mail, IRC and the KaZaA peer-to-peer, file sharing network. The e-mail
has the subject: "WindowsXP Service Release Pack 2.002" and the
attachment: install.exe.

Symantec reports on Backdoor.Floodnet, which is a backdoor Trojan horse
that gives an attacker unauthorized access on port 6969.


Sun reports on a locally exploitable denial-of-service vulnerability in
the Solaris 8 Kernel that may result in a system panic. Patches are

Additional vulnerabilities were reported in the following products:

PHP Nuke 5.6 SQL injection vulnerability. (iDEFENCE)

Xeneo (PHP version) and 2.0.759.6 Web Server denial-of-service
vulnerability. (iDEFENCE)

Pablo FTP Server 1.2, 1.3 and 1.5 denial-of-service vulnerability.

ION P version 1.4 remote file retrieval vulnerability. (SecuriTeam)

NetScreen SSH1 CRC32 denial-of-service vulnerability. (SecuriTeam)

Jason Orcutt Prometheus v3, 4, 6 remote file include vulnerability.

Linksys BEFSR41 Gozila.CGI denial-of-service vulnerability. (iDEFENCE)

Mozilla multiple versions multiple vulnerabilities. (SecurityFocus)


New Apache packages are now available for Debian GNU/Linux. (Debian)


Samhain v1.6.3 is a file system integrity checker that can be used as a
client/server application for centralized monitoring of networked hosts.



To add or remove a name from the distribution list, or to modify
existing contact information, e-mail: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP's
Emergency Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094

For general information, please contact OCIPEP's Communications Division

Phone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
Web Site: www.ocipep-bpiepc.gc.ca

The information in the OCIPEP Daily Brief has been drawn from a variety
of external sources. Although OCIPEP makes reasonable efforts to ensure
the accuracy, currency and reliability of the content, OCIPEP does not
offer any guarantee in that regard. The links provided are solely for
the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible
for the information found through these links. 

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site

Reply via email to