We all know what computer viruses are capable of these days,
but the latest incident went beyond their “regular” sphere of activity
and into space. NASA confirmed that some laptops on the International Space
Station have been infected with the W32.Gammima.AG virus, a worm that usually
steals user names and passwords for online games.
The incident was first reported by space news website SpaceRef.com, according to which the virus was never a threat to any of the computers on the
ISS, and had no adverse effects on any of the operations on the International
Space Station.
The W32.Gammima.AG virus was first discovered by Symantec on
August 27, 2007, as a worm affecting Windows 2000, Windows 95, Windows 98,
Windows Me, Windows NT, Windows Server 2003, and Windows XP. According to
Symantec, the worm spreads by copying itself to removable media.
The threat assessment report reveals that the virus in fact
has a low geographical distribution and is easy to contain and remove; the damage
level was assessed to be low. Its favorite activity involves stealing sensitive
information from several online games, such as ZhengTu, Wanmi Shijie or
Perfect World, Dekaron Siwan Mojie, HuangYi Online, Rexue Jianghu, ROHAN, Seal
Online, Maple Story, R2 (Reign of Revolution), and Talesweaver.
The process is very simple: the worm infiltrates all
drives from C to Z, and then creates an autorun file so that it executes
whenever the drive is accessed. The next step is to create a registry entry so
that it executes whenever Windows starts, and then to start looking for sensitive
information.
“This is not the first time we have had a worm or a virus,” NASA
spokesman Kelly Humphries told Wired News.
“It’s not a frequent occurrence, but this isn’t the first time.” However, NASA downplayed
the rumors that the virus got out of hand, calling it a “nuisance” affecting
non-critical laptops, usually used for e-mail or nutritional experiments.
How was this possible? It appears that some of the laptops
carried by the astronauts on the International Space Station have no anti-virus
system. It still remains unclear how the virus got on the ISS, but the
possibilities are either the initial software load, although laptops are
usually scanned before they go into space, or a thumb drive.
There is no direct Internet connection on the International
Space Station, so the virus is most likely to have travelled through storage
drives. In order to prevent such incidents from repeating, NASA said all
laptops currently benefit from the latest, updated version of Norton AntiVirus.
Symantec’s recommendations to protect against
W32.Gammima.AG include turning off and removing unneeded services, such as an FTP
server, telnet, or a Web server, which are normally vulnerable to such attacks;
keeping patch levels up-to-date; isolating exploited services until a
patch is applied; and not opening attachments commonly used to spread viruses, such
as .vbs, .bat, .exe, .pif, and .scr files.
According to NASA, the investigation into
how the virus got on the ISS laptops will continue (however, the cause may not be revealed
for security reasons). Furthermore, the entire ISS crew is working on stopping
the virus from spreading, as well as on preventing any similar incidents from
happening again.