Slapper teaches users value of safe hex, says Sophos

September 16, 2002 Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is urging Unix users to tighten up their safe computing procedures in order to curb the spread of the new Slapper worm (Linux/Slapper-A). This worm is currently spreading across the internet via unpatched vulnerablilities in some versions of OpenSSL used on Apache web servers.

Sophos produced specific protection against the Slapper worm at 09:17 GMT on Saturday, but is reminding Apache web server users that a patch for the vulnerability has been available since July 2002 from www.openssl.org.

"Unix is becoming more and more popular, with Apache beating Microsoft IIS as the web server of choice for many companies," said Graham Cluley, senior technology consultant at Sophos. "However, this popularity attracts attention from the cybercrime community, so fans of Unix need to remember to take security seriously. Instead of waiting for the next threat to emerge, they should get into the habit of patching susceptible systems as soon as a fix becomes available. Pre-emptive safe computing measures like this would have stopped Slapper in its tracks."