Slapper teaches users value of safe hex, says Sophos

September 16, 2002 Sophos Press Release

Sophos, a world leader in corporate anti-virus protection, is urging Unix users to tighten up their safe computing procedures in order to curb the spread of the new Slapper worm (Linux/Slapper-A). This worm is currently spreading across the internet via unpatched vulnerablilities in some versions of OpenSSL used on Apache web servers.

Sophos produced specific protection against the Slapper worm at 09:17 GMT on Saturday, but is reminding Apache web server users that a patch for the vulnerability has been available since July 2002 from www.openssl.org.

"Unix is becoming more and more popular, with Apache beating Microsoft IIS as the web server of choice for many companies," said Graham Cluley, senior technology consultant at Sophos. "However, this popularity attracts attention from the cybercrime community, so fans of Unix need to remember to take security seriously. Instead of waiting for the next threat to emerge, they should get into the habit of patching susceptible systems as soon as a fix becomes available. Pre-emptive safe computing measures like this would have stopped Slapper in its tracks."

About Sophos

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.