Has the First Extraterrestrial (Computer) Virus Been Discovered on the Space Station?

Article written: 26 Aug , 2008
Updated: 24 Dec , 2015

Could this be the first space-borne computer virus ever discovered? It would appear that the International Space Station, orbiting at over 330 km (180 miles) above the planet, is not immune to software problems more commonly associated with computers down here on Earth. Over the last few days, astronauts on board the ISS have been tracking down a fairly benign gaming worm used by hackers to gather personal information. Although this type of virus is not considered a threat to space station operations, it does raise some questions about how the virus got up there and why the station’s computers were not protected.

The virus in question is the W32.Gammima.AG worm and it is used to automatically gather user information of people accessing online games. According to Symantec, the W32.Gammima.AG worm has a “risk level” of 1, or “very low.” Once infected with this worm, it will copy itself onto several files on the host computer, modify the operating system’s registry and then steal user data from a number of installed online games. The main point to remember about a computer worm, is that it embeds itself into a computer’s software, executes its task and then transmits sensitive data via the Internet to a remote attacker. It is not intended to do obvious harm to the host computer, it is intended to hide in the background, waiting to carry out its task.

Unless the ISS crew have been connecting to the Internet to play online games recently, it is very doubtful the personal information of the astronauts will be at risk. But this isn’t the main concern; how did the virus get there in the first place? Is the ISS vulnerable to future infection (whether it is an accidental or malicious attack)?

According to the transcript released by NASA at a space operations meeting last week (ISS 30P SORR), they very briefly outline the situation and offer some explanation as to how the infection may have happened:

Special Topic on Virus detected onboard

– W32.Gammima.AG worm. This is a level 0 gaming virus intended to gather personal information.
– Virus was never a threat to any of the computers used for cmd and cntl and no adverse effect on ISS Ops.
– Theory is virus either in initial software load or possibly transferred from personal compact flash card.
– Working with Russians (and other partners) regarding ground procedures to protect flown equipment in the future.
– It was noted that most of the IP laptops and some of the payload laptops do NOT provide virus protection/detection software

What I find surprising is that most of the computers on board the ISS do not carry basic anti-virus software. Although space is at a premium on the station, surely provision should be made to protect against viruses from Earth, especially if personal compact flash cards are coming close to operational systems?

NASA may have dodged a bullet on this one. There are many more malicious and aggressive viruses on terrestrial computers that could cause serious damage in space, especially on unprotected station systems, the crew were lucky the W32.Gammima.AG worm was not a more virile entity.

On briefly looking through the space station daily reports from the NASA operation web pages, it would appear that cosmonaut Sergey Volkov has taken charge of purging the ISS computers of any trace of the worm using Norton AntiVirus:

  • Working on the Russian RSS-2 laptop, Sergey Volkov ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application. – ISS Daily Reports (Aug. 14th)
  • Sergey checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk with the Norton AntiVirus application. – ISS Daily Reports (Aug. 21st)
  • CDR Volkov began his day by downlinking yesterday’s Norton AntiVirus (NAV) data from the RSK-1 laptop scan. Later in the day, FE-2 Chamitoff also ran the scan on the SSC (Station Support Computer) to be used for downloading today’s 1553-bus comm files of the JEMRMS (Japanese Experiment Module/Robotic Manipulator System) Checkout #4 from the RLT (RMS Laptop Terminal) to the OpsLAN for downlinking. [All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.] – ISS Daily Reports (Aug. 22nd)

Let’s hope this will be a lesson to space station operations to tighten up the use of unregulated personal software (i.e. personal compact flash cards) and install basic anti-virus software the combat this problem from happening in the future.

Original Source: SpaceRef

34 Responses

  1. Member

    (I know Jorge, I was about to say the same thing! Why Norton?!?!)

  2. Haplo says

    Damn Nooktoolu Nigerians!

  3. Invader Xan says

    As regards antivirus software, I think XKCD (again) said it best…

  4. Jorge says

    They use Norton anti-virus?! 😮

    That explains the origin of the problem…

  5. David R. says

    In a twist of increasing political might, Russian News Agencies confirmed reports that Russia has claimed the hard disk space corrupted by the ISS computer virus as official Russian territory. A top ranking Russian general who asked not to be identified added, “We will send tanks and break anyone who tries to remove the virus.” The general did not specify how he will equip the tanks to operate in space. Minutes later, the ISS crew was sent an official message from the Russian government, warning them to stear clear of the corrupted virus space or there would be “dire consequences.” The United States spared no time in a swift response, declaring the Russian behavior as malicious. Secretary Rice, in an apparent attempt to conjure up Ronald Reagan, called Russia an “evil malicious software empire.”

  6. Don Alexander says

    There are also conflicting reports on the status of the Russian virus removal…

    Very nice one, David R.!! 😉

  7. Kevin F. says

    Hello, I am the crown prince of the Nooktoolu nebula. If you could send me $20,000….

  8. DrNecropolis says

    Sounds to me like our astronauts snuck of copy of starcraft on board

  9. Carnifex says

    Norton? Who cares about Norton, what is WINDOWS doing up there???

  10. Jack says

    jorge: The point was they were not using anything, Norton cleaned it up.

    trying to think of the problems you would have being a Astronaut/Gamer. depending on the statoins type of orbit you would have to change servers due to lag every 10+ min.

    any more ideas?

  11. Maxwell says

    This reminds me of that XKCD comic about diebold…

    If these are semi personal laptops used for recreation at any point in their existence, they will have viruses. Its simply a “my dog has fleas” situation.
    Considering that Astronauts have been caught with contraband Ipods and other personal toys before, I suspect this explains it.

    If these were supposed to be nasa-sterilized work only laptops for interfacing with the station then:
    1) When were they put on an outside network to even be infected?
    2) Why would any non Nasa or un-scanned program be installed?
    3) Who would pop their personal USB keys into something critical to the mission?

    In any case of the latter Id say:

  12. alandee says

    That’s what happens when you surf p0rn sites ..

  13. Skunkwaffle says

    Hmm, what server are these guys on.

    Think they’ll join my guild?


  14. Klaatu says

    It is breathtaking that they even consider using Windows in that environment. Imagine “blue screen of death sends ISS hurtling into Earth’s atmosphere” or “Astronauts suffocate whilst Windows XP reboots.” This sounds incredibly risky – you’d have thought they’d use a unix/linux variant especially developed for the ISS.

  15. Tech Roach says

    The article title is misleading. I thought they received some kinda mysterious virus from outer space; which is stupid cuz how the hell cud aliens knw our system architecture and stuff.

    Anyway, if it was aliens. I should say they were really good at C and TCP/IP. lol ^_^

  16. NNM says

    If they use Norton, they are in trouble!! haha
    That anti virus is a joke: not only will it not protect you, but it also helps some viruses survive.
    Really, if they use Norton, they deserve to get a serious virus. How can you be a “rocket scientist” and not see how useless that program is… They need IT/IS help.

  17. alan says

    If you use windozes, your just begging for trouble.

  18. J.E.T. says

    ]# Carnifex Says:
    August 26th, 2008 at 3:14 pm

    Norton? Who cares about Norton, what is WINDOWS doing up there???


  19. wowist says


  20. Pop says

    Using a laptop without at least two different virus protecting programs is sorta like stepping out the airlock in your spacesuit without zipping up your fly. Both leaving you hanging out in the breeze – so to speak. But, they are rocket scientists. We can’t expect them to live in the real world.

  21. Joe M. says

    lol at Norton, why not Avast, it’s perfectly fine… Also, they are super rich astronauts, and they have all of NASA to help chip in for the best anti-virus around?

  22. Hunnter says

    They’re using Windows?!?!
    I’ve lost all faith in them…

    Windows is the WORST software for mission critical applications and stability.
    Set a process to real-time and the GUI ends up locking up when it starts using a fair amount of the CPU, that is how horrible it is.
    Fair enough if it is a seperate computer not connected to anything else (outside power).

  23. Tom says

    NORTON? That means Windows is up there. I sure hope they aren’t running Vista.

    Please, at least use the AVG antivirus, can’t they use the free personal version since this isn’t for commercial use?

    NASA….I have such respect for all you do….but Windows???
    I expected Linux or Mac up there. At least we saw an iPod in the windshield a while back and not a Zune!

    My day is now sad.

  24. vizzy says

    omg, wtf? how stupid the nasa people are to use windows ….. yeah. i don’t wonder about that.

  25. LLorrac says

    What I heard on the news said that the station doesn’t have internet access. So at least they stolen data can’t be transmitted back to earth.

  26. IKE:) the Alien lifeform says

    Yeah CARNIFEX, what is WINdoof ( WINstupid) doing up there.
    How incredibly lax of NASA to allow such a flaw in overall safety and security on the ISS…
    What are these people get paid for.

    Well, carbon copies, we hope no life-support systems are in any way controlled by computers running MS OS.

  27. Ed says

    No way they couldn’t be running windows on the ISS it’d have to be some in house flavor of Linux, I would have thought but hey………….

  28. Bonny says

    This is interesting… im interesting in space i am not spaced out … dude this is cosmic aha!

  29. Bonny says

    youve added me no fudging way!!! get out of here.

  30. Bonny says


  31. bill says

    Peace to all space dudes!””

  32. bill says

    is the milyky way milky

  33. Smartcard Cheif says

    Good blog post!

Comments are closed.