South African government departments hit by Sasser, Sophos reports

Sophos Press Release

According to reports in the South African media, 25 government departments have been hit by the Sasser worm.

The worm was said to have infected the departments yesterday afternoon, causing the South African State Information Technology Agency (SITA) to shut down computers, and disconnect all affected departments from the South African government's central network.

Wandile Zote, SITA's communications manager, was reported to have claimed that only three government departments (the South African Police Services, Defence and Transport) survived the worm's attack. Zote confirmed that mandatory counter-measures would be put in place to protect the government's systems, with technicians working through the night if necessary.

"Anyone who uses computers - whether a large organisation or home user - needs to ensure they have taken adequate measures to protect against worms like Sasser," said Graham Cluley, senior technology consultant for Sophos. "I imagine questions will be asked at the highest level as to why so many government departments in South Africa were not properly defended from internet attack."

The security vulnerability exploited by the Sasser worm was first patched by Microsoft on 13 April 2004 in Microsoft Security Bulletin MS04-011.

Sophos recommends that every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at .

Home users of Microsoft Windows can visit to have their systems scanned for critical Microsoft security vulnerabilities.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at