Has the First Extraterrestrial (Computer) Virus Been Discovered on the Space Station?

by Ian O'Neill on August 26, 2008

The Space Station. Not in any software virus peril (NASA)

The Space Station. Not in any software virus peril (NASA)


Could this be the first space-borne computer virus ever discovered? It would appear that the International Space Station, orbiting at over 330 km (180 miles) above the planet, is not immune to software problems more commonly associated with computers down here on Earth. Over the last few days, astronauts on board the ISS have been tracking down a fairly benign gaming worm used by hackers to gather personal information. Although this type of virus is not considered a threat to space station operations, it does raise some questions about how the virus got up there and why the station’s computers were not protected.

The virus in question is the W32.Gammima.AG worm and it is used to automatically gather user information of people accessing online games. According to Symantec, the W32.Gammima.AG worm has a “risk level” of 1, or “very low.” Once infected with this worm, it will copy itself onto several files on the host computer, modify the operating system’s registry and then steal user data from a number of installed online games. The main point to remember about a computer worm, is that it embeds itself into a computer’s software, executes its task and then transmits sensitive data via the Internet to a remote attacker. It is not intended to do obvious harm to the host computer, it is intended to hide in the background, waiting to carry out its task.

Unless the ISS crew have been connecting to the Internet to play online games recently, it is very doubtful the personal information of the astronauts will be at risk. But this isn’t the main concern; how did the virus get there in the first place? Is the ISS vulnerable to future infection (whether it is an accidental or malicious attack)?

According to the transcript released by NASA at a space operations meeting last week (ISS 30P SORR), they very briefly outline the situation and offer some explanation as to how the infection may have happened:

Special Topic on Virus detected onboard

- W32.Gammima.AG worm. This is a level 0 gaming virus intended to gather personal information.
- Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.
- Theory is virus either in initial software load or possibly transferred from personal compact flash card.
- Working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future.
- It was noted that most of the IP laptops and some of the payload laptops do NOT provide virus protection/detection software

What I find surprising is that most of the computers on board the ISS do not carry basic anti-virus software. Although space is at a premium on the station, surely provision should be made to protect against viruses from Earth, especially if personal compact flash cards are coming close to operational systems?

NASA may have dodged a bullet on this one. There are many more malicious and aggressive viruses on terrestrial computers that could cause serious damage in space, especially on unprotected station systems, the crew were lucky the W32.Gammima.AG worm was not a more virile entity.

On briefly looking through the space station daily reports from the NASA operation web pages, it would appear that cosmonaut Sergey Volkov has taken charge of purging the ISS computers of any trace of the worm using Norton AntiVirus:

  • Working on the Russian RSS-2 laptop, Sergey Volkov ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application. – ISS Daily Reports (Aug. 14th)
  • Sergey checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk with the Norton AntiVirus application. – ISS Daily Reports (Aug. 21st)
  • CDR Volkov began his day by downlinking yesterday’s Norton AntiVirus (NAV) data from the RSK-1 laptop scan. Later in the day, FE-2 Chamitoff also ran the scan on the SSC (Station Support Computer) to be used for downloading today’s 1553-bus comm files of the JEMRMS (Japanese Experiment Module/Robotic Manipulator System) Checkout #4 from the RLT (RMS Laptop Terminal) to the OpsLAN for downlinking. [All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.] – ISS Daily Reports (Aug. 22nd)

Let’s hope this will be a lesson to space station operations to tighten up the use of unregulated personal software (i.e. personal compact flash cards) and install basic anti-virus software the combat this problem from happening in the future.

Original Source: SpaceRef

Older Comments
  • Pop

    Using a laptop without at least two different virus protecting programs is sorta like stepping out the airlock in your spacesuit without zipping up your fly. Both leaving you hanging out in the breeze – so to speak. But, they are rocket scientists. We can’t expect them to live in the real world.

  • Joe M.

    lol at Norton, why not Avast, it’s perfectly fine… Also, they are super rich astronauts, and they have all of NASA to help chip in for the best anti-virus around?

  • Hunnter

    They’re using Windows?!?!
    I’ve lost all faith in them…

    Windows is the WORST software for mission critical applications and stability.
    Set a process to real-time and the GUI ends up locking up when it starts using a fair amount of the CPU, that is how horrible it is.
    Fair enough if it is a seperate computer not connected to anything else (outside power).

  • http://www.eastsideastro.org Tom

    NORTON? That means Windows is up there. I sure hope they aren’t running Vista.

    Please, at least use the AVG antivirus, can’t they use the free personal version since this isn’t for commercial use?

    NASA….I have such respect for all you do….but Windows???
    I expected Linux or Mac up there. At least we saw an iPod in the windshield a while back and not a Zune!

    *sigh*
    My day is now sad.

  • http://www.tellmatic.org vizzy

    omg, wtf? how stupid the nasa people are to use windows ….. yeah. i don’t wonder about that.

  • LLorrac

    What I heard on the news said that the station doesn’t have internet access. So at least they stolen data can’t be transmitted back to earth.

  • IKE:) the Alien lifeform

    Yeah CARNIFEX, what is WINdoof ( WINstupid) doing up there.
    How incredibly lax of NASA to allow such a flaw in overall safety and security on the ISS…
    What are these people get paid for.

    Well, carbon copies, we hope no life-support systems are in any way controlled by computers running MS OS.

  • Ed

    No way they couldn’t be running windows on the ISS it’d have to be some in house flavor of Linux, I would have thought but hey………….

  • Bonny

    This is interesting… im interesting in space i am not spaced out … dude this is cosmic aha!

  • Bonny

    youve added me no fudging way!!! get out of here.

  • Bonny

    BONY IS COOL AND GETTING REPETATIVE AZ AAAAAAAAAAAAAAAAH

  • bill

    Peace to all space dudes!”"
    ahhhhhhhhhhhhhh

  • bill

    is the milyky way milky

  • http://www.smart-card.com Smartcard Cheif

    Good blog post!

Older Comments

Previous post:

Next post: