Space Security Worms

Computer Virus Aboard the ISS

Posted by timothy
from the like-a-little-piece-of-home dept.
chrb writes "BBC News is reporting that laptops taken to the International Space Station by NASA astronauts are infected with the Gammima.AG worm. The laptops have no net connection; officials suspect the worm may have been transferred via a USB flash drive owned by an astronaut. NASA have said this isn't the first time computer viruses had travelled into space."
  • Solid proof!!!! (Score:2, Insightful)

    by Lumpy (12016)

    That they need IT staff on the ISS.

    Even astronauts are not smart enough to maintain and repair their computers.

    Honestly though, why the hell don't the laptops have anti virus software? If they are going to run an OS that is targeted by the bulk of viruses out there then it's dumb to send it up without AV software installed.

    There is no reason for an email/nutritional PC to not run AV.

    • Re:Solid proof!!!! (Score:4, Insightful)

      by Tridus (79566) on Wednesday August 27, 2008 @09:00AM (#24763769) Homepage

      Wow, someone who actually believes AV software stops viruses effectively?

      • Re: (Score:3, Informative)

        by Lumpy (12016)

        They stop really old viruses like that one effectively, even ClamAV detects and cleans that one.

        So yeah, AV would have prevented this one, it would have been effective.

        • Re: (Score:3, Informative)

          by alexborges (313924)

          EVEN clamav?

          Man, clamav is better than most.

        • by MrNaz (730548) on Wednesday August 27, 2008 @11:50AM (#24766415) Homepage

          The reason NASA didn't bother with AV is because there's no pressure on their IT department. In a normal office, the IT department usually gets screamed at when computers don't work. But in space, nobody can hear you scream.

          • Re: (Score:3, Funny)

            by nospam007 (722110)

            It was a pirated copy of some stuff that installed the virus.

            At least we now may have real 'Space Pirates'.

      • by afxgrin (208686)

        In the end, if you're being targeted specifically by a hacker, using anti-virus software and firewall protection can only go so far. But to prevent casual infection by old viruses, using AV software certainly helps. It's especially good for people that have no idea what they're doing on their computer besides using Word, checking email, and surfing the web.

        I believe!

    • by totally_mad (1061918) on Wednesday August 27, 2008 @09:04AM (#24763811)
      You don't really understand. There is nothing they could have done to prevent the worm. The astronaut was installing Outlook which asked them to "close all software like antivirus and firewall which may interfere with the installation". The rest is history...
    • Re:Solid proof!!!! (Score:4, Informative)

      by rktechhead (1348421) on Wednesday August 27, 2008 @09:14AM (#24763937)
      One should expect this kind of thing, being intelligent doesn't automatically mean you are proficient with computers. Perhaps NASA should give their personnel a quick refresher on computer security.

      Alas, while AV doesn't stop everything it is a lot better than not having it at all. A good AV scanner probably could have prevented this. Which again is why they should be giving them that little bit of training if they aren't already.

      • by arth1 (260657)

        No, a good AV scanner would not have prevented this, unless the AV scanner was updated after the virus came out. See, virus writers do test their viruses to ensure that it's not detected by the current crop of AV programs, so they get a bigger window for infection.
        In space, without Internet access, it's pretty clear that the AV software will not be kept up to date.

        The real problem here is with letting the astronauts bring with them memory sticks that haven't been analyzed by experts on earth first. There'

        • Re: (Score:2, Informative)

          by Briden (1003105)

          "In space, without Internet access, it's pretty clear that the AV software will not be kept up to date." .. I think that's an incorrect assumption, normally, they do have internet connections, so, it could easily be kept up to date. Until of course, the virus brought down their internet connection, which is no different than what could happen here.

          • Re: (Score:2, Insightful)

            by alexborges (313924)

            Irrelevant.

            They shouldn't be using Windows, precisely because of this risk.

            And that's that.

          • by gnick (1211984)

            "In space, without Internet access, it's pretty clear that the AV software will not be kept up to date." .. I think that's an incorrect assumption, normally, they do have internet connections, so, it could easily be kept up to date. Until of course, the virus brought down their internet connection, which is no different than what could happen here.

            But, with no Internet connection, the AV software doesn't really need to be kept up to date. The odds of an astronaut carrying a virus into space on a thumb drive that is so new/obscure that the current AV patch doesn't include it yet are (sorry) astronomically low - This one was first detected just over a year ago.

            Or, probably a better alternative, is to forbid the astronauts from connecting private media to NASA hardware. I realize they need recreation, music, family photos, etc - But not at the cost of

            • Re: (Score:3, Informative)

              by toolie (22684)

              But, with no Internet connection, the AV software doesn't really need to be kept up to date.

              Not exactly true. We are mandated to keep AV software updated (I think weekly) on our machines that aren't hooked to any network at all - internal or external. This isn't mandated by the IT department or Security or anything, but the DoD. Of course, these are the same rules that require three (or was it six?) feet of space between machines (even air conditioning units) from every other.

              They should just toss a CD with the latest definition updates for AV software of choice in with the regular supplies. P

    • Re:Solid proof!!!! (Score:5, Insightful)

      by TheRaven64 (641858) on Wednesday August 27, 2008 @09:15AM (#24763957) Journal
      Antivirus software is typically only effective if regularly updated. In machines that aren't networked, getting these updates is very tricky.
    • by Thelasko (1196535) on Wednesday August 27, 2008 @09:22AM (#24764073) Journal

      Honestly though, why the hell don't the laptops have anti virus software? If they are going to run an OS that is targeted by the bulk of viruses out there then it's dumb to send it up without AV software installed.

      It looks like Mark Shuttleworth [wikipedia.org] might have to make another trip up there to drop off some Ubuntu disks.

    • Right... (Score:5, Informative)

      by Moraelin (679338) on Wednesday August 27, 2008 @09:35AM (#24764263) Journal

      So, on some computers which (A) have been there for years, and (B) have no network connection over which to download virus signature updates, somehow miraculously that AV software would be up to date and able to recognize the newest trojans. I don't know what AV software that is, but I want it too ;)

      Or, I know, let's send Mordac up there with each Shuttle or rocket trip, to install those updates.

      Oh yeah, and you so want to be up there on your own, when the retarded AV software after a buggy update decides one or more of the following:

      - some critical Windows file looks suspicious and deletes it. It happened more than once IRL.

      - some piece of binary data transmitted by or to your computer looks suspiciously like an obscure, outdated SQL-Server exploit, and shuts the program down and cuts off the network connection. I can personally testify that it happened to me in WoW, never mind that it wasn't on the right port, I had no version of SQL-Server installed, and it was on a connection to WoW that was on for 2 hours now and thus unlikely to be what a virus does. Or see the infamous "STARTLOGGER"/"STOPLOGGER" idiocy that made it possible for a while to disconnect anyone from IRC (and God knows what else) if they have Norton AV installed. Yeah, you so want that on a space station's computers.

      - introduces a bigger vulnerability of its own than Windows has. At least one RL mass-pwnage, and of the format-your-hdd sort at that, happened over a buffer overflow vulnerability in IIRC McAfee's firewall. Or if you look in the history of Norton's patch notes, a _lot_ of them were patching old buffer overflow vulnerabilities in their AV software.

      - suddenly decides that an otherwise legitimate piece of software is too dangerous, and just deletes it. It happened to me with one AV which decided that IRC is too dangerous a place and just removed my mIRC executable. Not because of some malicious code, or even vulnerability, in that version of mIRC, but just because apparently they considered it dangerous anyway. You so want to be up on a space station when such a piece of crap decides that your, say, telnet is too dangerous and must be stopped.

      - loads itself in memory twice and slows everything down to a crawl. Happened to me, with an older version of McAfee's AV. Oh, and trying to stop or uninstall it, only stopped one of the copies.

      - goes paranoid about protecting the user's "privacy", and prevents legitimate logins. Again, McAfee did that for me. Half the sites were so confused by whatever it did, that they simultaneously thought I'm logged in _and_ not logged in. I was starting to develop a deep empathy for Schroedinger's cat. You surely want that kind of thing randomly happening when you're trying to log into some more important thing up there.

      Heh ;)

      • Would the anti-virus that deleted mIRC happen to be made by Computer Associates, or did another product also do that (wouldn't surprise me at all)?
        I'm presuming these laptops run Windows, I wonder why they don't run some form of Unix? Does the nutritional software used by NASA only work with Windows? Can the astronauts use their own software on these laptops?
      • by Thelasko (1196535)

        So, on some computers which (A) have been there for years, and (B) have no network connection over which to download virus signature updates, somehow miraculously that AV software would be up to date and able to recognize the newest trojans. I don't know what AV software that is, but I want it too ;)

        NOD32 [wikipedia.org] claims to have that capability. Although, it would be safer and easier to require every storage device traveling to the ISS to be scanned with an up to date antivirus before going into space.

    • Re: (Score:3, Funny)

      by muffen (321442)

      That they need IT staff on the ISS.

      Even astronauts are not smart enough to maintain and repair their computers.

      Honestly though, why the hell don't the laptops have anti virus software? If they are going to run an OS that is targeted by the bulk of viruses out there then it's dumb to send it up without AV software installed.

      There is no reason for an email/nutritional PC to not run AV.

      AV on astronaut laptops, are you crazy?
      What we need to do is send this virus to aliens!

      Didn't you learn _anything_ from Independence Day?

    • There are plenty. Radiation hardened hardware is expensive, and usually seriously underpowered. Tools like Norton and Symantec anti-virus insert themselves into the kernel, interfere with other software, burn system RAM and CPU time and cooling, often slow boot times, and can block other proprietary software applications (such as whatever the ISS uses for its equipment) in ways that are painful to diagnose. When those computers control critical functions, you _do_not_ run extra software on them.
  • by Skeetskeetskeet (906997) on Wednesday August 27, 2008 @08:58AM (#24763727)
    Microsoft can't hear you scream.
  • by IndustrialComplex (975015) on Wednesday August 27, 2008 @08:58AM (#24763729)
    And to think that I hated that line. Unfortunately for the life from a meteorite theory, computer viruses are a bit more resilient to the extremes of space.
  • No antivirus? (Score:2, Interesting)

    by totally_mad (1061918)
    To top it all, NASA says in the same breath that they are investigating how the worm got aboard and that the astronauts' laptops don't have any anti-virus software... Go figure!
  • Berserkers [wikipedia.org]!

    Now someone do SkyNet...

  • One has to ask (Score:5, Insightful)

    by toby (759) * on Wednesday August 27, 2008 @09:00AM (#24763757) Homepage Journal

    What *Windows* is doing in space in the first place.

    • by Gori (526248) on Wednesday August 27, 2008 @09:06AM (#24763823) Homepage

      My thoughts exactly. There is no reboot after you hit the Blue Planet Of Death...

      *ducks*

    • Re: (Score:2, Funny)

      by halfEvilTech (1171369)

      What *Windows* is doing in space in the first place.

      because it is already considered a large waste of 'space'

    • by mlush (620447) on Wednesday August 27, 2008 @09:42AM (#24764333)

      What *Windows* is doing in space in the first place.

      I've always thought that opening Windows on a space ship is a bad thing

    • by JamesP (688957)

      No, the problem is not Windows in space

      The problem is having only one Windows copy thrown into the emptiness of nothing...

    • by Sleepy (4551)

      Politics.

      Look at all the money Microsoft donated to the Bush election campaigns.
      This was the FIRST TIME Microsoft threw serious money at an election.

      True, this money was intended to get the new White House to FORFEIT the Justice case after they had already won, but this kind of money buys good levels of government contacts. You don't offend your political patrons.

      NASA was heavily UNIX (or other 'nix-like OS's). Much of NASA runs Microsoft Exchange now.

      I wouldn't be surprised if NASA uses ".net" (any part of

    • Re:One has to ask (Score:4, Informative)

      by dpilot (134227) on Wednesday August 27, 2008 @11:42AM (#24766271) Homepage Journal

      Isn't this an FAQ?

      These laptops are convenience machines, for writing reports, spreadsheets, maybe even a little gaming.
      There is no connection between the laptops and the embedded computers that actually run the ISS systems, and those computers do NOT run Windows. For that matter, they probably don't run Linux, but more likely some 10 or 15 year old Unix variation that was already well proven when the ISS bids went out.
      The laptops may connect to experiments - that I don't know.

      Since they are convenience machines, with no planned networking, and since when they were put out for bid, Windows was the most convenient OS to use, that's what they have. That's also not to say that a Linux laptop may not make it up there, some time.

      Don't pretend that there's any sort of IT architecture on the ISS for anything but the base plan. Everything is spec and bid.

      I would hope that they have image CDs up there, and not just for virus removal. I can see wanting to reimage some of the laptops for each new ISS crew, and some for each new shuttle visit. I wouldn't want to keep "history" on any of them - not without backup.

  • by RisingSon (107571) on Wednesday August 27, 2008 @09:00AM (#24763759)
    that Captain Kirk picked up something nasty from those green bitches. Damn space viruses.
  • NASA needs Linux (Score:5, Insightful)

    by MrSmith0011000100110 (1344879) on Wednesday August 27, 2008 @09:04AM (#24763815) Homepage Journal
    This is even further proof that NASA (as well as most every other major organization) needs to move away from the virus laden, insecure, corporate blunder we call Microsoft. Sure Exchange is a great mail system but it's still just an iteration of a wheel that was created long before it. Were a giant like NASA or Boeing or Lockheed Martin or the US Govt itself to step away from the Microsoft Corporation, we'd start to see whatever the new adoptee was (preferably Linux) take some serious light and hopefully outshine the Gates machine.
    • by name*censored* (884880) on Wednesday August 27, 2008 @09:36AM (#24764275)

      This isn't necessarily a problem with Microsoft/Windows (although they certainly could have had a better security system), it's a problem with monoculture. Each vulnerability discovered opens up mind-bogglingly large amounts of computers to hacking, so all of the black hats are focusing their efforts on one small goal (making at least one of them succeed very quickly). This also means that exploits relying on uncommon settings (ones that rely on the target having say, two separate unrelated applications installed) are researched, where they might not have been worth the effort otherwise.

      Although you have a point about big companies stepping away from Microsoft. Linux is open source, no-architecture-lock-in, and comes with so many different distros with so many different default settings, that the monoculture problem would be replaced with many-more-but-easier-to-manageable problems (think "Asteroids"). The other advantage that a polyculture OS world would offer is halting the SPREAD of the virii - if an exploit relies on someone to have XYZ system/configuration, it wouldn't necessarily be able to spread through the "fire-breaks" of ABC or DEF systems/configurations (and since most home computers nowadays are Microsoft's XYZ systems/configurations, there's no "fire breaks").

    • by gad_zuki! (70830)

      Or they could just stop running as local admins. Regardless of OS, if they don't take secure steps then they'll always fall into some trouble. It's just a lot more obvious in Windows.

      The astronauts should have a separate account for local admin tasks and they should be using a limited user account for everything else. Not doing this is just like running as root 24/7.

      The real problem with Windows culture is the assumption that people can get away with running as admin 24/7. They can't.

      • There can be Windows user level viruses too. There aren't many, because most people are running as local admin anyway.
    • Sure Exchange is a great mail system

      MS Exchange can do a wide variety of things but it is certainly not a "great mail system". It scores poorly against any other widely accepted email server software and it wasn't even possible to back up the mail store of a running system reliably until about two versions back. Those Exchange Admins that were too lazy to ever attempt a bare metal recovery from backups will of course insist that it was reliable but the documentation from MS trumps fanboy worship any day.

  • Beware the mutations that will, as bad science movies have taught us, inevitably happen. The destruction of all life on Earth is nigh.

  • Geez... (Score:5, Funny)

    by VE3OGG (1034632) <`VE3OGG' `at' `rac.ca'> on Wednesday August 27, 2008 @09:07AM (#24763863)

    Network security really isn't that hard! It isn't like it's rocket scie... oh... nevermind...

  • by Steeltalon (734391) on Wednesday August 27, 2008 @09:17AM (#24763985)

    Will there be an Andromeda Strain of this Virus?

  • Nice one to get (Score:5, Informative)

    by jayhawk88 (160512) <jayhawk88@gmail.com> on Wednesday August 27, 2008 @09:20AM (#24764053)

    From Symantec's site:

    It then attempts to steal sensitive information for the following online games:

            * ZhengTu
            * Wanmi Shijie or Perfect World
            * Dekaron Siwan Mojie
            * HuangYi Online
            * Rexue Jianghu
            * ROHAN
            * Seal Online
            * Maple Story
            * R2 (Reign of Revolution)
            * Talesweaver

    Oh noes, now how will the astronauts be able to play their Japanese MMO's?

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Those are all Chinese/Korean MMOs. Learn2geography.

      • by jayhawk88 (160512)

        Yup, my bad. The only one I recognized on sight was Maple Story which I thought was from Japan but you're correct, Korean.

  • by Apoorv Khatreja (1263418) on Wednesday August 27, 2008 @09:23AM (#24764085) Homepage
    Q. Where do these NASA guys get their pr0n from?

    A. Oh yeah.. the USB drive.
  • WORMS (wormswormswormswormsworms) IN (inininininin) SPAAAAAAAAAAAAAACCCCCCCEEEEEEEEEEEEEEE!!!!!!!!! (spacespacespacespacespace)

    They really need to come up with a way to visualize echoing sound in html5.

  • Come on slashdot, don't be twee, what Operating System [howstuffworks.com] does this 'computer virus' need to run on .. Systems Affected [symantec.com]: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP ..
    • Re: (Score:3, Funny)

      by value_added (719364)

      Come on slashdot, don't be twee, what Operating System does this 'computer virus' need to run on .. Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP ...

      You're being difficult. Anyone can see this is a cross-platform virus.

      • "You're being difficult. Anyone can see this is a cross-platform virus"

        How terribly mildly amusing ..

        On the Sarah Jane Adventures [bbc.co.uk] the other day, they had to 'reboot the communications grid' because of a 'virus' .. it's entered the lexicon .. like people have come to think computer viruses are somehow normal ..
  • Somebody got busted surfing for some porn, so they came up with this USB key story. Have you seen the Crazy Bitches [thesmokinggun.com] they have up there ? I'd bring some porn too.
  • I wonder what virus was actually the first to make it to space.
    • Re: (Score:3, Funny)

      by Zoxed (676559)

      > I wonder what virus was actually the first to make it to space.

      Agent Smith would say Yuri Gagarin.

  • It was part of a top-secret program to make sure that our computer viruses operated properly on alien spacecraft, just in case most of our cities are blown up on July 4th.

  • by Errtu76 (776778)

    equals wormhole! Ha! Ha! Ha.. oh never mind.

  • by rs232 (849320) on Wednesday August 27, 2008 @09:50AM (#24764469)
    "The laptops have no net connection .."

    So, how do they send/receive email ..

    "The laptops infected with the virus were used to run nutritional programs and let the astronauts periodically send e-mail back to Earth"

    So, they do have a net connection ..

    "The laptops carried by astronauts reportedly do not have any anti-virus software on them to prevent infection"

    So how did they detect the 'infection' by the Gammima.AG worm ..

    "The ISS has no direct net connection"

    How do the laptops send/receive email .. speculation by a slashdot reader don't count ..

    --

    "We are having a hard time understanding the how and why [wired.com], but everything is working", Commander Bill Sheperd Feb 2001
    • by LordEd (840443) on Wednesday August 27, 2008 @10:03AM (#24764673)

      I think the summary is incorrect. From TFA:

      The ISS has no direct net connection and all data traffic travelling from the ground to the spacecraft is scanned before being transmitted.

      Having no network connection and no direct net connection are different things. I suspect it means that the ISS has some form of network connection to NASA's internal network, but does not have any access to the Internet.

    • Initiating Autonomous Global Diagnostic Scan... ...Scan Complete Anomaly Found.

      Matching with known database... Done. 1 Match Found.

      Anomaly classified: Gammima.AG worm

      Cleansing Procedure Initiated...

      Self-Destruct in:

      5

      4

      3

      2

      1

      boom.

      I mean seriously it was found on laptops used to monitor nutrition? On Noes!!!111!

      "OMG the nutrition laptop is down!? How many carbs am I allowed today! HOW MANY!"

  • by Bazman (4849)

    I'm going to re-watch 2001 and see if Dave has a USB stick in any of the shots. Maybe I'll just photoedit one in....

    • Re: (Score:2, Funny)

      by Tablizer (95088)

      "Dave, send 40 grand to the prince in Nigeria if you want me to open the pod doors, Dave."

  • This can only mean one thing. Radiation from space will mutate them until they are 50 feet tall and they rampage through our cities! Either that, or they will gain superpowers and become evil super-virus-villains bent on world conquest.

  • AV Software Definition: An alarm system that alerts you when you are already screwed.

    The real question is what else do these laptops have on them, root kits, bots, trojans, keyloggers?

  • by Temujin_12 (832986) on Wednesday August 27, 2008 @10:51AM (#24765481)
  • That's one small step for a virus, one giant leap for viruskind.
  • That cosmic ray flux could be a bad thing up there...

    "...there'll be a thousand mutations, Andromeda will spread everywhere, we'll never be rid of it!"

  • That always kills the.. umm wait, different virus... nevermind.

  • I really hope they aren't using a consumer grade OS for ship control systems.

  • From Symantec's description, the W32.Gammima.AG "worm" does not seem to be a worm but more like a virus. A quick check [wikipedia.org] reveals that a worm is,

    A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention.

    Then from Symantec's description,

    The worm then copies itself to all drives from C through Z as the following file: [DRIVE LETTER]:\ntdelect.com

    It also creates the followi
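
The drive-root copy quoted from Symantec in the comment above can be turned into a simple pre-flight media check. This is an added example, not part of the thread or of Symantec's write-up; the file name and the C-through-Z range come from the quote, while the list of executable extensions and the function names are assumptions made for illustration.

```python
import os
import string
import tempfile

# File name taken from the Symantec description quoted in the thread.
INDICATOR_NAMES = {"ntdelect.com"}
# Assumption (not from the thread): any other executable sitting directly in a
# volume root deserves a second look on media headed for an isolated machine.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd"}


def scan_volume_root(root):
    """Return a sorted list of (severity, name) findings for one volume root.

    Only the root directory is inspected, because that is where the quoted
    description says the copy is written. Names are compared in lower case,
    matching the case-insensitive file names of Windows volumes.
    """
    findings = []
    try:
        entries = list(os.scandir(root))
    except OSError:
        return findings  # drive letter absent or volume not readable
    for entry in entries:
        if not entry.is_file(follow_symlinks=False):
            continue
        lowered = entry.name.lower()
        if lowered in INDICATOR_NAMES:
            findings.append(("match", entry.name))
        elif os.path.splitext(lowered)[1] in EXECUTABLE_EXTS:
            findings.append(("review", entry.name))
    return sorted(findings)


def scan_drive_letters(letters=string.ascii_uppercase[2:]):
    """Scan C: through Z:, the range named in the quoted description."""
    report = {}
    for letter in letters:
        root = f"{letter}:\\"
        hits = scan_volume_root(root)
        if hits:
            report[root] = hits
    return report


def demo():
    """Constructed sample: a temp directory standing in for a USB stick root."""
    with tempfile.TemporaryDirectory() as stick:
        for name in ("NTDELECT.COM", "setup.exe", "photos.zip"):
            open(os.path.join(stick, name), "wb").close()
        os.mkdir(os.path.join(stick, "music"))
        return scan_volume_root(stick)


if __name__ == "__main__":
    print(demo())
    print(scan_drive_letters())
```

A name match only says that a file with that name exists; it is a prompt to quarantine the media and inspect it, not a verdict.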

  • by v1 (525388) on Wednesday August 27, 2008 @01:13PM (#24767685) Homepage Journal

    will definitely go to the first bot herder that manages to get a node on the ISS.
