Universe Today
[/caption] Could this be the first space-borne computer virus ever discovered? It would appear that the International Space Station, orbiting at over 330 km (180 miles) above the planet, is not immune to software problems more commonly associated with computers down here on Earth. Over the last few days, astronauts on board the ISS have been tracking down a fairly benign gaming worm used by hackers to gather personal information. Although this type of virus is not considered a threat to space station operations, it does raise some questions about how the virus got up there and why the station's computers were not protected.
The virus in question is the
W32.Gammima.AG worm
and it is used to automatically gather user information of people accessing online games.
According to Symantec
, the
W32.Gammima.AG worm
has a "risk level" of 1, or "very low." Once infected with this worm, it will copy itself onto several files on the host computer, modify the operating system's registry and then steal user data from a number of installed online games. The main point to remember about a computer worm, is that it embeds itself into a computer's software, executes its task and then transmits sensitive data via the Internet to a remote attacker. It is not intended to do obvious harm to the host computer, it is intended to hide in the background, waiting to carry out its task.
Unless the ISS crew have been connecting to the Internet to play online games recently, it is very doubtful the personal information of the astronauts will be at risk. But this isn't the main concern; how did the virus get there in the first place? Is the ISS vulnerable to future infection (whether it is an accidental or malicious attack)?
According to the transcript
released by NASA at a space operations meeting
last week (ISS 30P SORR), they very briefly outline the situation and offer some explanation as to how the infection may have happened:
What I find surprising is that most of the computers on board the ISS do not carry basic anti-virus software. Although space is at a premium on the station, surely provision should be made to protect against viruses from Earth, especially if
personal compact flash cards
are coming close to operational systems?
NASA may have dodged a bullet on this one. There are many more malicious and aggressive viruses on terrestrial computers that could cause serious damage in space, especially on unprotected station systems, the crew were lucky the
W32.Gammima.AG worm
was not a more virile entity.
On briefly looking through the
space station daily reports
from the NASA operation web pages, it would appear that cosmonaut Sergey Volkov has taken charge of purging the ISS computers of any trace of the worm using Norton AntiVirus:
- Working on the Russian RSS-2 laptop, Sergey Volkov ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application. - ISS Daily Reports (Aug. 14th)
- Sergey checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk with the Norton AntiVirus application. - ISS Daily Reports (Aug. 21st)
- CDR Volkov began his day by downlinking yesterday’s Norton AntiVirus (NAV) data from the RSK-1 laptop scan. Later in the day, FE-2 Chamitoff also ran the scan on the SSC (Station Support Computer) to be used for downloading today’s 1553-bus comm files of the JEMRMS (Japanese Experiment Module/Robotic Manipulator System) Checkout #4 from the RLT (RMS Laptop Terminal) to the OpsLAN for downlinking. [All A31p laptops onboard are currently being loaded with latest NAV software and updated definition files for increased protection.] - ISS Daily Reports (Aug. 22nd)
Let's hope this will be a lesson to space station operations to tighten up the use of unregulated personal software (i.e. personal compact flash cards) and install basic anti-virus software the combat this problem from happening in the future.
SpaceRef