Malware hits outer space
Space station under worm attack.
By Gregg Keizer, Computerworld US | Published: 09:45, 28 August 2008
Now you're not even safe from malware in space. NASA has confirmed that the International Space Station, has been hit by a worm, identified as W32.Gammima.AG.
Early reports suggest that at least one of the laptops used on the station, which is administered jointly by the US and Russia. However, NASA spokesman Kelly Humphries declined to identify the malware, saying only that anti-virus software detected a worm on 25 July.
The first public report of malware about the ISS was logged earlier this month, on 11 August in NASA's daily status report on the station that day, the agency said. Sergey Volkov, the International Space Station (ISS) commander, was "working on the Russian RSS-2 laptop" and "ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application."
A week later, on 21 August Volkov "checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk."
The next day, Volkov transmitted anti-virus scanning results from the laptop to Earth, and American astronaut Greg Chamitoff scanned another computer for possible infection. NASA also said in Friday's report that all laptops on board the ISS were being loaded with anti-virus software.
"All A31p laptops onboard are currently being loaded with [the] latest [Norton AntiVirus] software and updated definition files for increased protection," said NASA.
W32.Gammima.AG, the name Symantec, maker of Norton AntiVirus, gives the malware, is a year-old Windows worm designed to steal information from players of 10 different online games, some of them specific to the Chinese market. Among the games: ZhengTu, HuangYi Online and Rohan. The worm also plants a rootkit on the infected system, and transmits hijacked data to a remote server.
Today, Humphries said that the worm poses no threat. "It was never a threat to any command-and-control or operations computer," he said. He refused to detail how the malware snuck aboard, citing "IT security issues," but other sources, including SpaceRef.com, speculated that it might have stowed away on a laptop or a flash card.
"There have been other incidents," confirmed Humphries, who works at the Johnson Space Center in Houston, Tex. "I don't know when the first one was, but the station will have been in orbit for 10 years [come] November."
"If there is any good news at all, it's that the malware was designed to steal usernames and passwords from computer game players, not something that orbiting astronauts are likely to be spending a lot of time doing," said Sophos's senior technology consultant Graham Cluley, in a post to Sophos's blog. "After all, with a view like that who needs to play the likes of World of Warcraft?"