DAILY BRIEF
Number: DOB02-080
Date: 12 June 2002

NEWS

Ottawa to Buy Smallpox Vaccine for All Canadians

The Ottawa Citizen reports that the federal government will purchase millions of doses of the smallpox vaccine, enough to inoculate every Canadian. Dr. Ron St. John, executive director of Health Canada's Centre for Emergency Preparedness and Response, stated that negotiations were already underway to acquire the vaccines, which could cost up to $123 million. There are also plans to vaccinate epidemiologists and federal health workers who would be in the front line in the event of a smallpox outbreak. While he acknowledged that the possibility of a bioterrorist attack on Canada is extremely remote, Dr. St. John stressed that even a limited outbreak could turn into a national catastrophe. The vaccine is effective if given within four days of exposure to the virus. (Source: The Ottawa Citizen, 12 June 2002)
http://www.canada.com/ottawa/ottawacitizen/story.asp?id={C693E8BE-C7CB-40AF-B28C-B27CF936D0E1}
http://www.canada.com/ottawa/ottawacitizen/

Platform-Jumping Virus a New Challenge for Virus Writers

A new virus that made the headlines last week has prompted a renewed interest in Unix and Linux viruses, according to anti-virus experts. A Symantec researcher explained that the Simile virus, which can jump from Windows to Unix operating systems, presents new challenges for virus writers. A McAfee analyst commented that "Unix shell script viruses are relatively easy to create, yet powerful enough to create big problems." (Source: vnunet.com, 11 June 2002)
http://www.vnunet.com/News/1132517

Comment: The same news source on 5 June published an article (http://www.vnunet.com/News/1132372) quoting Symantec and McAfee experts who had released an advisory after the discovery of the Simile/Etap virus. They called it a "very complex virus that uses entry-point obscuring, metamorphism and polymorphic decryption," which makes it hard to detect.
Typically, the majority of viruses are Windows based, due in part to the proliferation of the Microsoft Windows operating system in the marketplace. As the popularity of Unix-based operating systems increases in the general user population (i.e. Linux), it follows that we may see: (1) an increase in viruses that target the Unix/Linux operating systems and (2) viruses that have the ability to infect more than one type of operating system (i.e. Unix/Linux and Windows).

IN BRIEF

Transportation Delays Expected in Calgary During G8 Summit

Most roads near Calgary International Airport will be closed to the public from June 25 to 28 as part of the Calgary Police's security restrictions during the G8 Summit. Air travellers are urged to allow at least an extra 30 minutes to reach the airport and to check with the G8 Summit information line for information on road closures. Service on the city's light rail system may also be affected. (Source: CBC News, 11 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=sy_11062002

State of Emergency Declared in Flooded Alberta Communities

Rain continued to fall in southern Alberta, and the worst may be yet to come if warm weather accelerates melting of the snow that fell in the mountains, according to Dennis Chief Calf, fire chief and head of disaster services for the Blood Tribe Reserve. A state of emergency has been declared in the community of Pincher Creek and in the county of Lethbridge, while flood warnings are in effect in several other communities. (Source: CBC News, 11 June 2002)
http://calgary.cbc.ca/template/servlet/View?filename=fd_11062002

FBI Investigates Dive Shops

Scuba diving shops across the U.S. are being contacted by FBI agents concerned that terrorists may have been taking scuba diving training with the intention of blowing up ships, power plants, bridges and other waterfront structures.
Agents are looking for unusual requests from potential trainees, such as limited-visibility diving and diving in a harbour, where water is turbulent and cloudy. (Source: The Toronto Star, 11 June 2002)
http://www.thestar.com/NASApp/cs/ContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=1022100028330&call_page=TS_World&call_pageid=968332188854&call_pagepath=News/World&col=968350060724

Comment: This appears to be further to a May 23 information bulletin from the National Infrastructure Protection Center (NIPC) stating that various terrorist elements had sought to "develop an offensive scuba diver capability."

CYBER UPDATES

See: What's New for the latest Alerts, Advisories and Information Products

Threats

Central Command reports on Worm/Trilissa.D, which is a worm that propagates via Outlook e-mail. It arrives with the subject line "Bush is a criminal!" and the attachment "Bush_you_are_guilty!!!.scr".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020611-000011

Central Command reports on TR/Win32.Rewin, which is a Trojan horse that allows backdoor access to a victim's computer.
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020611-000010

Central Command reports on Worm/BWG.d, which is a worm that propagates via Outlook e-mail and the IRC network. It arrives with the subject line "World Cup News!" and the attachment "WorldCup.Bat".
http://support.centralcommand.com/cgi-bin/command.cfg/php/enduser/std_adp.php?p_refno=020611-000009

Symantec reports on W32.Fishlet.A@mm, which is a worm written in Visual Basic that uses its own SMTP engine to propagate via e-mail. It arrives with the subject line "Order" and the attachment "######.exe" (where ###### is a random name).
http:[EMAIL PROTECTED] l

Symantec reports on Backdoor.AntiLam, which is a Trojan that can log keystrokes and send them to the hacker.
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.antilam.html

Trend Micro reports on WORM_NEYSID.A, which is a worm that propagates via Outlook e-mail and terminates running anti-virus processes. It creates its email messages from a list of subjects and message bodies, and attaches four files, all of which are copies of itself.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=WORM_NEYSID.A

Trend Micro reports on VBS_PETIK.I, which is a mass-mailing malware that propagates via e-mail and can disable the mouse and the keyboard of an infected computer. It arrives with the subject line "What is the seven sins ??" and the attachment "Seven.vbs".
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=VBS_PETIK.I

Vulnerabilities

SecurityFocus provides a report on a denial-of-service vulnerability in the OpenServer snmp daemon. Follow the link for upgrade information.
http://online.securityfocus.com/advisories/4203

SecurityFocus provides a report on a format string vulnerability in the IRIX 6.5 talkd daemon. Follow the link for workaround information.
http://online.securityfocus.com/advisories/4197

SecurityFocus provides a report on a vulnerability in the IRIX 6.5 Appletalk(tm) package that could allow a remote attacker to read any file on the system through the use of the xkas Appletalk admin tool. Follow the link for a solution.
http://online.securityfocus.com/advisories/4201

SecurityFocus provides a report on a denial-of-service vulnerability in BIND 9. Follow the link for upgrade information.
http://online.securityfocus.com/advisories/4202

Securiteam reports on a vulnerability in Datalex PLC's BookIt! Consumer, which stores and transmits passwords in clear text. Follow the link for a solution.
http://www.securiteam.com/securitynews/5RP0B0A7FM.html

Securiteam reports on a vulnerability in ZenTrack that could allow a remote attacker to view the full path to the web root. Follow the link for a workaround.
http://www.securiteam.com/securitynews/5SP0C0A7FC.html

CERT/CC reports on a vulnerability in tcpdump that could allow a remote attacker to execute arbitrary code with the privileges of tcpdump (typically root) or cause a denial-of-service. Follow the link for patch information.
http://www.kb.cert.org/vuls/id/797201

Tools

Bruteforce Exploit Detector 0.2 is a perl script that remotely detects unknown buffer overflow vulnerabilities in FTP, SMTP, and POP daemons.
http://www.kryptocrew.de/snakebyte/bed.html

CONTACT US

For additions to, or removals from the distribution list for this product, or to report a change in contact information, please send to:
Email: [EMAIL PROTECTED]

For urgent matters or to report any incidents, please contact OCIPEP’s Emergency Operations Centre at:
Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: [EMAIL PROTECTED]

For general information, please contact OCIPEP’s Communications Division at:
Phone: (613) 991-7035 or 1-800-830-3118
Fax: (613) 998-9589
Email: [EMAIL PROTECTED]
Web Site: www.ocipep-bpiepc.gc.ca

Disclaimer

The information in the OCIPEP Daily Brief has been drawn from a variety of external sources. Although OCIPEP makes reasonable efforts to ensure the accuracy, currency and reliability of the content, OCIPEP does not offer any guarantee in that regard. The links provided are solely for the convenience of OCIPEP Daily Brief users. OCIPEP is not responsible for the information found through these links.

IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk