South African government departments hit by Sasser, Sophos reports

May 06, 2004 Sophos Press Release

According to reports in the South African media, 25 government departments have been hit by the Sasser worm.

The worm was said to have infected the departments yesterday afternoon, causing the South African State Information Technology Agency (SITA) to shut down computers and disconnect all affected departments from the South African government's central network.

Wandile Zote, SITA's communications manager, was reported to have claimed that only three government departments (the South African Police Services, Defence and Transport) survived the worm's attack. Zote confirmed that mandatory counter-measures would be put in place to protect the government's systems, with technicians working through the night if necessary.

"Anyone who uses computers - whether a large organisation or home user - needs to ensure they have taken adequate measures to protect against worms like Sasser," said Graham Cluley, senior technology consultant for Sophos. "I imagine questions will be asked at the highest level as to why so many government departments in South Africa were not properly defended from internet attack."

The security vulnerability exploited by the Sasser worm was first patched by Microsoft on 13 April 2004 in Microsoft Security Bulletin MS04-011.

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at www.microsoft.com/technet/security/bulletin/notify.mspx.

Home users of Microsoft Windows can visit windowsupdate.microsoft.com to have their systems scanned for critical Microsoft security vulnerabilities.