Has the First Extraterrestrial (Computer) Virus Been Discovered on the Space Station?

Could this be the first space-borne computer virus ever discovered? It would appear that the International Space Station, orbiting at over 330 km (180 miles) above the planet, is not immune to software problems more commonly associated with computers down here on Earth. Over the last few days, astronauts on board the ISS have been tracking down a fairly benign gaming worm used by hackers to gather personal information. Although this type of virus is not considered a threat to space station operations, it does raise some questions about how the virus got up there and why the station’s computers were not protected.

The virus in question is the W32.Gammima.AG worm and it is used to automatically gather user information of people accessing online games. According to Symantec, the W32.Gammima.AG worm has a “risk level” of 1, or “very low.” Once infected with this worm, it will copy itself onto several files on the host computer, modify the operating system’s registry and then steal user data from a number of installed online games. The main point to remember about a computer worm, is that it embeds itself into a computer’s software, executes its task and then transmits sensitive data via the Internet to a remote attacker. It is not intended to do obvious harm to the host computer, it is intended to hide in the background, waiting to carry out its task.

Unless the ISS crew have been connecting to the Internet to play online games recently, it is very doubtful the personal information of the astronauts will be at risk. But this isn’t the main concern; how did the virus get there in the first place? Is the ISS vulnerable to future infection (whether it is an accidental or malicious attack)?

According to the transcript released by NASA at a space operations meeting last week (ISS 30P SORR), they very briefly outline the situation and offer some explanation as to how the infection may have happened:

Special Topic on Virus detected onboard

– W32.Gammima.AG worm. This is a level 0 gaming virus intended to gather personal information.
– Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.
– Theory is virus either in initial software load or possibly transferred from personal compact flash card.
– Working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future.
– It was noted that most of the IP laptops and some of the payload laptops do NOT provide virus protection/detection software

What I find surprising is that most of the computers on board the ISS do not carry basic anti-virus software. Although space is at a premium on the station, surely provision should be made to protect against viruses from Earth, especially if personal compact flash cards are coming close to operational systems?

NASA may have dodged a bullet on this one. There are many more malicious and aggressive viruses on terrestrial computers that could cause serious damage in space, especially on unprotected station systems, the crew were lucky the W32.Gammima.AG worm was not a more virile entity.

On briefly looking through the space station daily reports from the NASA operation web pages, it would appear that cosmonaut Sergey Volkov has taken charge of purging the ISS computers of any trace of the worm using Norton AntiVirus:

  • Working on the Russian RSS-2 laptop, Sergey Volkov ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application. – ISS Daily Reports (Aug. 14th)
  • Sergey checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk with the Norton AntiVirus application. – ISS Daily Reports (Aug. 21st)
  • CDR Volkov began his day by downlinking yesterday’s Norton AntiVirus (NAV) data from the RSK-1 laptop scan. Later in the day, FE-2 Chamitoff also ran the scan on the SSC (Station Support Computer) to be used for downloading today’s 1553-bus comm files of the JEMRMS (Japanese Experiment Module/Robotic Manipulator System) Checkout #4 from the RLT (RMS Laptop Terminal) to the OpsLAN for downlinking. [All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.] – ISS Daily Reports (Aug. 22nd)

Let’s hope this will be a lesson to space station operations to tighten up the use of unregulated personal software (i.e. personal compact flash cards) and install basic anti-virus software the combat this problem from happening in the future.

Original Source: SpaceRef

34 Replies to “Has the First Extraterrestrial (Computer) Virus Been Discovered on the Space Station?”

  1. In a twist of increasing political might, Russian News Agencies confirmed reports that Russia has claimed the hard disk space corrupted by the ISS computer virus as official Russian territory. A top ranking Russian general who asked not to be identified added, “We will send tanks and break anyone who tries to remove the virus.” The general did not specify how he will equip the tanks to operate in space. Minutes later, the ISS crew was sent an official message from the Russian government, warning them to stear clear of the corrupted virus space or there would be “dire consequences.” The United States spared no time in a swift response, declaring the Russian behavior as malicious. Secretary Rice, in an apparent attempt to conjure up Ronald Reagan, called Russia an “evil malicious software empire.”

  2. There are also conflicting reports on the status of the Russian virus removal…

    Very nice one, David R.!! 😉

  3. jorge: The point was they were not using anything, Norton cleaned it up.

    trying to think of the problems you would have being a Astronaut/Gamer. depending on the statoins type of orbit you would have to change servers due to lag every 10+ min.

    any more ideas?

  4. This reminds me of that XKCD comic about diebold…

    If these are semi personal laptops used for recreation at any point in their existence, they will have viruses. Its simply a “my dog has fleas” situation.
    Considering that Astronauts have been caught with contraband Ipods and other personal toys before, I suspect this explains it.

    If these were supposed to be nasa-sterilized work only laptops for interfacing with the station then:
    1) When were they put on an outside network to even be infected?
    2) Why would any non Nasa or un-scanned program be installed?
    3) Who would pop their personal USB keys into something critical to the mission?

    In any case of the latter Id say:

  5. It is breathtaking that they even consider using Windows in that environment. Imagine “blue screen of death sends ISS hurtling into Earth’s atmosphere” or “Astronauts suffocate whilst Windows XP reboots.” This sounds incredibly risky – you’d have thought they’d use a unix/linux variant especially developed for the ISS.

  6. The article title is misleading. I thought they received some kinda mysterious virus from outer space; which is stupid cuz how the hell cud aliens knw our system architecture and stuff.

    Anyway, if it was aliens. I should say they were really good at C and TCP/IP. lol ^_^

  7. If they use Norton, they are in trouble!! haha
    That anti virus is a joke: not only will it not protect you, but it also helps some viruses survive.
    Really, if they use Norton, they deserve to get a serious virus. How can you be a “rocket scientist” and not see how useless that program is… They need IT/IS help.

  8. [QUOTE
    ]# Carnifex Says:
    August 26th, 2008 at 3:14 pm

    Norton? Who cares about Norton, what is WINDOWS doing up there???


  9. Using a laptop without at least two different virus protecting programs is sorta like stepping out the airlock in your spacesuit without zipping up your fly. Both leaving you hanging out in the breeze – so to speak. But, they are rocket scientists. We can’t expect them to live in the real world.

  10. lol at Norton, why not Avast, it’s perfectly fine… Also, they are super rich astronauts, and they have all of NASA to help chip in for the best anti-virus around?

  11. NORTON? That means Windows is up there. I sure hope they aren’t running Vista.

    Please, at least use the AVG antivirus, can’t they use the free personal version since this isn’t for commercial use?

    NASA….I have such respect for all you do….but Windows???
    I expected Linux or Mac up there. At least we saw an iPod in the windshield a while back and not a Zune!

    My day is now sad.

  12. They’re using Windows?!?!
    I’ve lost all faith in them…

    Windows is the WORST software for mission critical applications and stability.
    Set a process to real-time and the GUI ends up locking up when it starts using a fair amount of the CPU, that is how horrible it is.
    Fair enough if it is a seperate computer not connected to anything else (outside power).

  13. What I heard on the news said that the station doesn’t have internet access. So at least they stolen data can’t be transmitted back to earth.

  14. Yeah CARNIFEX, what is WINdoof ( WINstupid) doing up there.
    How incredibly lax of NASA to allow such a flaw in overall safety and security on the ISS…
    What are these people get paid for.

    Well, carbon copies, we hope no life-support systems are in any way controlled by computers running MS OS.

  15. No way they couldn’t be running windows on the ISS it’d have to be some in house flavor of Linux, I would have thought but hey………….

  16. This is interesting… im interesting in space i am not spaced out … dude this is cosmic aha!

Comments are closed.