According to reports in the South African media,
25 government departments have been hit by the Sasser worm.
The worm was said to have infected the departments yesterday
afternoon, causing the South African State Information Technology
Agency (SITA) to shut down computers, and disconnect all affected
departments from the South African government's central
network.
Wandile Zote, SITA's communications manager, was reported to
have claimed that only three government departments (the South
African Police Services, Defence and Transport) survived the worm's
attack. Zote confirmed that mandatory counter-measures would be put
in place to protect the government's systems, with technicians
working through the night if necessary.
"Anyone who uses computers - whether a large organisation or
home user - needs to ensure they have taken adequate measures to
protect against worms like Sasser," said Graham Cluley, senior
technology consultant for Sophos. "I imagine questions will be
asked at the highest level as to why so many government departments
in South Africa were not properly defended from internet
attack."
The security vulnerability exploited by the Sasser worm was
first patched by Microsoft on 13 April 2004 in Microsoft Security
Bulletin MS04-011.
Sophos recommends that every IT manager responsible for security
should consider subscribing to vulnerability mailing lists such as
that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx
.
Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their
systems scanned for critical Microsoft security
vulnerabilities.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.