In this section

• Home
• Press office
• News archive
• Articles
• 2001
• 07

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

31 July 2001

Sophos says "Don't be a CodeRed bludger"

The world is getting excited again about the CodeRed worm, which infects Microsoft Internet Information Servers (IIS) and attacks the White House's website. This worm relies on a flaw in IIS for which Microsoft provided a fix well over a month ago, but there is concern that system administrators have been slow to act.

"CodeRed not only infects your server, it also generates huge amounts of unnecessary internet traffic," warns Paul Ducklin, Sydney-based Head of Global Support at Sophos Anti-Virus. "So having an unpatched server is irresponsible, because you put yourself at risk whilst spoiling things for others."

Sophos is calling on Australian system administrators who use IIS not to be bludgers. "Get the fix and use it," Ducklin urges. "Those who attack computer systems with worms and viruses are criminals, make no mistake about it. But that is no excuse for sitting back and waiting to become a victim. If you use IIS and you haven't acted already, do so now."

CodeRed is not the only malicious software to highlight tardiness amongst sysadmins. The Kakworm virus, which spreads via email, is still regularly reported in Australia. But, like CodeRed, a patch from Microsoft renders it (and any virus like it) completely ineffective. The fix for Kakworm was published in 1999, but despite nearly two years of warnings, many computers round Australia remain vulnerable.

Sophos Anti-Virus has published a 'Safe Hex' guide which helps users and administrators to reduce the chance of getting hit by a virus -- regardless of what anti-virus software they use. "Check it out," says Ducklin. "Technology alone is not enough -- you need to stay informed to stay safe."

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com