The current Apache OpenSSL worm („Linux Slapper Worm“) checks the webserver version by reading the HTTP header before it attacks.
Added „ServerTokens Prod“ to httpd.conf – now it says „Server: Apache“, was „Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6“ before.
(See the Apache documentation and FAQ.)