back to article Houston, we have a virus

A computer worm that ferrets out passwords managed to stow away on laptops aboard the International Space Station, NASA has confirmed. It is not the first time a NASA computer has become infected. SpaceReg.com identified the infection as W32.TGammima.AG, a worm that spreads by copying itself to removable media devices. Once in …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    BSOD

    I used to listen to the ISS activiies on Nasa TV during missions. One day they were sorting out a BSOD problem with a laptop. The guy on the ground was talking the guy on the ISS through network card driver updates. And he couldn't even chuck it out the window - how depressing!

  2. Duffy
    Gates Horns

    Space the final frontier

    Just when you think malware can't go any further in life; we find it in outer space. Just imagine the "IT protection training" lecture the person who brought the worm into space will receive.

    Bill Gates just because this is an evil story

  3. Craig
    Paris Hilton

    Dodgy web sites

    Let's cut out one potential source of infections - it's time for NASA-approved porn to be issued to all astronauts based upon individual preferences!

  4. This post has been deleted by its author

  5. Jesse Dorland
    Linux

    Alternative Operating System

    Why can't they use Linux or OS as their main operating sytem, as well as personal computer. There is not reason to use Microsoft Windows on such places.

  6. Anonymous Coward
    Anonymous Coward

    How did it get there

    "It then attempts to steal sensitive information for the following online games:

    * ZhengTu

    * Wanmi Shijie or Perfect World

    * Dekaron Siwan Mojie

    * HuangYi Online

    * Rexue Jianghu

    * ROHAN

    * Seal Online

    * Maple Story

    * R2 (Reign of Revolution)

    * Talesweaver"

    -Symantec

    Which of these games are our astronauts playing.

  7. Nat C.
    IT Angle

    Shoulda used AVG.

    Yeah, I know. Couldn't resist. =)

    @Isaias Compres

    Agreed. Why they aren't at least using Ubuntu (or preferably something like RedHat, Fedora, or SUSE or even BSD) is beyond me.

    /IT? pic, not for "Where's the IT angle?"...more like "Where's the IT department?" I guess.

  8. Destroy All Monsters Silver badge
    Coat

    Let Freedom Ring!

    ...at least it's not a dialer.

  9. Anonymous Coward
    Thumb Down

    RE: Alternative Operating System

    Because Lunix is crap, thats why.

  10. bruceld
    Thumb Down

    for the Lintards and Mactards

    I don't recommend they use Windows, Linux or Mac. Any tard with programming knowledge can hack them. They should design their own operating systems.

  11. Joe Harrison
    Coat

    What Would It Do With The Stolen Password?

    What could the virus/worm/space infestation actually done, well, apart from accidentally shutting down life support.

    Anyways, surely they would have even the most basic virus checker?

    I'll wait for the RIAA to file a lawsuit with NASA, for astronauts downloading music.

    Mine's the one with worm food in the pockets...

  12. Anonymous Coward
    Thumb Up

    @Isaias Compres

    "WTF

    By Isaias Compres Posted Tuesday 26th August 2008 23:07 GMT One would expect scientists at NASA would know better and use some Linux or Unix.

    "

    everybody knows they prefered the Amiga OS at NASA ;)

    shame theres no hardware updates anyware, perhaps they can get dave and carl to make one for them on commission.

    http://www.polyphoto.com/upchug/HalInterview-eng.html

  13. Anonymous Coward
    Anonymous Coward

    Busted !

    This is final proof that it is actually the astronauts themselves that write viruses in their spare time !

  14. Steven Swenson
    Unhappy

    @Anonymous Coward

    If Linux is such crap, why can't it catch viruses?

    Seriously though, everybody should know by now that you DO NOT use Windows for anything remotely important. Whether it be keeping multibillion dollar space stations in orbit, powering government organizations, or running a life support machine.

    Yes, there is a life support machine with Windows on it. If any hospital ever tried to hook up any loved one of mine to a Windows life support machine, I would take them to another hospital.

  15. Mark McGuire
    Happy

    Science Test

    They should leave the virus in space and let it grow, maybe it will turn into a super-virus!

  16. Henry Wertz Gold badge

    The Russians don't use Windows though...

    Several years back (when one of NASA's ISS-resident windows boxes dropped dead), I read the Russian side was running 486 notebooks with FreeBSD. FreeBSD because it's reliable, 486es because the Russian space agency found that Pentium, P2, P3, etc.'s die shrinks made them susceptible to cosmic rays.

  17. Kanhef

    re: alternative operating system

    They use Windows because they've been using it for years and migrating to Linux is far too expensive for them to justify, especially with Congress cutting their budget year after year. Every program they use would have to be rewritten. They'd have to make sure that Linux would install and run properly on every computer system. And they'd have to test and debug the hell out of it for a year or two before deploying it on mission-critical hardware.

  18. Neoc

    Windows? Mission-critical?

    Puzzled... last time I looked, MS's own EULA discouraged using Windows on any real-time or mission-critical hardware.

    Heck, the EULA even admits Windows is not fit-for-purpose (the bit about not being responsible if the OS causes you to loose work/data/life/etc...)

  19. Adam White

    RE: for the Lintards and Mactards

    Security through Obscurity eh Bruce?

    http://www.answers.com/topic/security-through-obscurity

    If you're looking for a secure OS you could probably do worse than OpenBSD, the antithesis of the Security-Through-Obscurity approach

    http://www.openbsd.org/

  20. Anonymous Coward
    Anonymous Coward

    I would have gone back to the OEM

    .. they should have purchased next day, on-site cover for it.

    I'd love to hear the (e.g.) Dell phone monkey's response to an engineer call out from the ISS.

  21. Mark Broadhurst
    Jobs Horns

    for the mactards

    they would use Mac OS but unfortuntaly you cant install it on propratory hardward like the space station.

  22. John

    Is this a good defence if you...

    ... have a Wi-Fi network and you get nobbled for sharing dodgy files, I mean for Pete's sake, if N.A.S.A can't keep their systems secure and clean what chance do the rest of us. Surely it *has* to mean that literally no-one can be legally held responsible for their network and abuses of it when the military and N.A.S.A. can't secure theirs with supposedly highly trained administrators and security specialists.

  23. D. M

    I think I read they run Windows server too

    Now, that's one of the real Blue Screen of DEATH.

    Why the hell they couldn't use something decent, like BSD/UNIX/Linux?

  24. Anonymous Coward
    Boffin

    re: alternative operating system

    "The infected machines were not considered mission critical, meaning they weren't responsible for command and control. "

    I'm sure those mission critical ones run Linux or Solaris. Seeing how many kernel modules in the Linux kernel source were written by NASA folks. Those machines that do run Windows are probably used to run whatever usermode software they need for their experiments (zero-G counter-strike with VR glasses, anyone?)

  25. N

    Wow!

    Is this the first worm in space, or did the Russians get one into obit before them?

  26. lansalot
    Coat

    eh ?

    Were they playing "Out of this World of Warcraft" ?

  27. Alex Brett

    Internet

    To all those asking what it could do and how it could get there etc, I'm fairly sure I read an article saying that during certain com passes the ISS does have access to the internet etc...

  28. JP Sistenich
    Paris Hilton

    @How did it get there...

    It was the Chinese spy! HE accidentally transfered the virus when stealing all the designs to the anti-grav unit Nasa has been developing...

  29. ilago
    Stop

    @ Kanhef

    "Alternative operating system that they'd have to make sure that Linux would install and run properly on every computer system."

    What an irresponsible attitude. They should have been making sure that Windows was equally well tested.

    Regardless of the operating system selected, shouldn't this have been part of their testing and compliance procedures? Any risk assessment for a computer system should have included that Windows is subject to malware infections at a rate exponentially higher than any other operating system. It's not as though it's a state secret or anything.

  30. Richard Porter
    Go

    Security through obscurity ...

    works fine unless you are a prime target. I do run a virus checker but it hasn't spotted anything remotely threatening in the last six years. Of course being careful what you download/open/visit/etc. is important too.

  31. Toastan Buttar
    Gates Horns

    7 years too late...

    Open the pod bay door please, Bill.

  32. Richard Hebert
    Happy

    you're all missing the obvious ..

    They get those surfing for pr0n ..

    heck .. the guys get lonely .. give them a break !

    Fuzzy

  33. Anonymous Coward
    Anonymous Coward

    @ Steven Swenson

    "If Linux is such crap, why can't it catch viruses?"

    Symantec appears to disagree...

    http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99

  34. Anonymous Coward
    Alien

    Will Smith?

    Could this be an Independence Day scenario? Malware bearing flyboy steals crashed alien space craft, docks with ISS and types 'Upload Virus'.

  35. Richard Hodgson
    Paris Hilton

    Non-mission critical...

    People are thinking too far in the box here: I'm thinking that these were the crew's in-flight entertainment to combat the stress and loneliness of living in space. They were probably using Windows rather than Linux because they were probably using the laptops to play games.

    Paris, because the laptops probably contain a few of her videos. In-flight entertainment indeed...

  36. David Kelly
    Linux

    @AC who posted Symantec link

    A low risk Linux virus dated 2001, is that the best you could do? That's what you consider "proof" that Linux is susceptible to viruses? What a joke!

  37. Anonymous Coward
    Flame

    *Nix? Lightweights...

    Should have used VMS! Incidentally, I find it hard to believe that the infected machines were used for anything critical. The problem would come if the non-critical systems (gaming/pr0n laptops!) were hooked up to a critical system...

  38. D. M
    Paris Hilton

    @ilago

    No amount of test can save that piece of crap called "Microsoft Windows".

    By the way, I seem to remember your British navy uses/will use win2k for weapon control system on warship. That's really scary. They are meant to be able to carry nuclear warhead ...

    PH, because even she won't make suck stupid decisions.

  39. Richard
    Thumb Up

    ISSISP

    There's been a little comment on "how does a virus infect a machine in space without an internet connection?".

    Well, if you watch a couple of the NASA documentaries, you'll see that the ISS actually has a little network going on, complete with wireless access. Due to the time taken to verify security and reliability the laptops tend to run Windows 98 (insert own joke about reliability here), as this was the last "certified" Windows OS.

    The ISS itself periodically has an internet connection back to earth. Its not constant as the running costs would be astronomical (I'm here all week people), so its just connected when needed, and IIRC once or twice a day for the crew to keep in touch with email.

    So yes, even the ISS is not immune to internet viral infection.

    -- Richard

  40. George

    @ All who posted Windows comments...

    *yawn*

  41. Anonymous Coward
    Paris Hilton

    @ Steven Swenson

    What a load of CR@P

    So you can say to me you arrive in A&E requiring immediate life saving treatment. You or your loved one is wheeled into the appropriate room and the staff are all ready to hook the person up to the life support machine when you pipe up with this:

    "Hang on doctor, could you inform me the OS of that LIFE SUPPORT machine please?

    "Windows" replies the doctor.

    You reply, "Not good enough. Point me in the direction of an A&E department with a non windows life support machine, I'm outta here and I am taking my loved one with me"

    Apart from the fact the surgeon probably won't care what OS is on his kit, you should sure as hell be grateful they are about to save your loved ones life FFS.

    GET A LIFE and accept the fact that whether you like it or not windows is being used globally for all manner of operations and will continue to do so.

    To lighten the post, Paris as she certainly doesn't care what she has on her equipment!!!! Oh and annonymously as I work in a very sensative area.........

  42. Anonymous Coward
    Anonymous Coward

    First step ban any and all Microsoft products ...

    ... then fire everyone to the highest levels that approved the use of any

    product and or service from Microsoft and or an affiliate.

    Consider taking legal action and suing.

    Posted anonymously since I'm surround by and forced to use (as in do not use/do not get paid) said virus distribution software.

  43. Mark Dempster

    Linux Viruses

    >A low risk Linux virus dated 2001, is that the best you could do? That's what

    you consider "proof" that Linux is susceptible to viruses? What a joke!<

    Any OS is susceptible to viruses, but until usage of an OS reaches levels capable of bringing in the profit they desire, most virus writers won't target it. I've always suspected that most of the 'nuisance' (as opposed to criminal) viruses out there are written by Linux users with a toolkit anyway...

    And yes, I do know Linux quite well. I've been using various flavours of Unix professionally since the early 1990's, as well as Macs from an early stage. I have no doubt that should I be so inclined I could write a virus for any of them. Fortunately I'm not that antisocial! ;-)

  44. paul clarke
    Happy

    Area 51....

    ... Anyone remember Independence Day? Perhaps someone is trying to destroy the ISS by sending it a cold?

    So what have the people on the ISS done wrong then? Perhaps the invasion of South Ossetia had a more sinister beginnings?

    LOL

  45. Anonymous Coward
    Paris Hilton

    @ David Kelly

    Yawn, same old same old anti Microsoft crap.

    We are aware that there is far less malware in the wild for Linux than Windows.

    We are aware that there are far less vulnerabilities for Linux than Windows.

    Yes, Linux is susceptible to malware. The fact that is far easier to compromise a Windows box than a Linux one, does not mean that Linux is not susceptible.

    Oh look a new Linux vulnerability from last week.

    http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3276

    The only joke here is the standard anti Microsoft posts.

    Paris, because im sure she has had a few viruses (of a very different type).

  46. David Stever
    Boffin

    Geek Squad and Bigelow Aerospace to the Rescue!

    At last- Bigelow Aero and Best Buy could ink an agreement to supply IT help from the safety of the Presurized Inflatable Space Station (PISS) to the International Space Station (ISS). If they put one of those guys in the white shirt and black tie in orbit, they can have then close enough to dispatch from one to the other for these needed quick IT fixes.

    Imagine how far the the Best Buy adverts would go after that. Maybe Bigelow could build a module painted to look like a black and white VW bug with the orange sticker on the side. (or would the taxi vehicle be painted in those colors?) This could be so much better then Arthur Clarke's idea fifty years that the first advert in space would be a Coca Cola logo projected on the lunar surface.

  47. James Pickett
    Happy

    Impressed

    "The ISS itself periodically has an internet connection back to earth"

    That's some wireless card they've got...

  48. Michael

    @ Steven Swenson

    >>>If Linux is such crap, why can't it catch viruses?

    It's not that Linux can't get STD's, it's that it's not having any sex.

    No one wants to write a virus whose target is so miniscule.

  49. Anonymous Coward
    Gates Horns

    WGA not a virus !

    You copy of windows is NOT genuine therefore we are going to turn off the life support systems until you buy a new key !

  50. J
    Coat

    Hm...

    "No one wants to write a virus whose target is so miniscule."

    "Miniscule" is the intellect of people writing such comments... Ever wondered what runs most of the intertubes you're surfing right now?

  51. Chris
    Flame

    NASA - bunch of Onanists!

    No, seriously. The article that I read (http://news.bbc.co.uk/1/hi/technology/7583805.stm) stated that NASA has NO anti-virus systems in place on the ISS - OR laptops used by crew.

    "The laptops carried by astronauts reportedly do not have any anti-virus software on them to prevent infection. "

    "Muppets who know it won't happen to them because they are too smart" springs to mind...

    OK, fair enough, IF the onboard systems are completely isolated from the laptops the astronuts use - which NASA claim is the case - fair enough, there's justification for keeping those systems as 'clean' as possible.

    Let's take the risky ('risky'? Yes. given the level of incompetence evident here, I think that's a fair assessment) assumption that that is the case.

    That leaves NASA clearly in the position of having NO 'corporate' policy regarding virus/spyware/malware protection for portable computers used by their staff/visitors (God alone knows what the situation is throughout the rest of the 'organisation'!).

    And that suggests a level of irresponsibility that is, especially in this case, beyond belief.

    In my area own of professional responsibility I ensure that all systems are adequately protected, staff are made aware that they MUST use the recommended protection software (which I provide and if required will install and set up) on their own systems, both 'home' and 'private' laptops (it's a publishing company, anyone with experience of such outfits will be aware of why this is necessary...).

    In addition, visitors are NOT allowed access to the network until their laptops have been checked for adequate protection.

    Anyone failing to comply is held directly responsible in the event of problems arising as a result.

    So, who the hell's in charge of NASA's IT security?

    Ah, right, that would be the complete tosser who's already mumbled excuses about "USB drives"

    "It is thought that the virus might have travelled via a flash or USB drive owned by an astronaut and taken into space."

    Nice try asshole - but IF you were doing your job, IF NASA had something resembling a half competent IT security policy, it couldn't have happened...

    Pop in an external device with infected files and the software you didn't even have installed would have prevented the issue, after all, it's not as if this was a brand new (August 2007 FFS!) previously unheard of worm...

    No wonder this outfit has a record of incinerating Shuttle crews!

    It's blindingly obvious that NASA's management is totally incompetent.

    Unfair? Nope. Shit runs downhill. If you find an organisation that has a record of failure to perform, in my experience, the problem starts at the top.

    And while I may not be qualified to comment on NASA's inability to keep Shuttle crews alive, I certainly am qualified to judge their inability to handle IT security!

  52. David Kelly

    @AC

    "We are aware that there is far less malware in the wild for Linux than Windows"

    Quite an understatement. How many Linux viruses have you ever encountered *in the wild*? In the last decade I've seen none, despite administering thousands of Linux boxes for very attractive security targets such as ISPs and high street banks.

    "Yes, Linux is susceptible to malware. The fact that is far easier to compromise a Windows box than a Linux one, does not mean that Linux is not susceptible."

    Of course every OS is susceptible to malware in theory but ultimately it's practicalities that matter. Had NASA been running Linux on those laptops what would have been the realistic chances of those machines being infected by a virus?

    "Oh look a new Linux vulnerability from last week"

    DOS != virus

    "The only joke here is the standard anti Microsoft posts"

    Is it any wonder people make anti-M$ posts given its pathetic security history?

  53. This post has been deleted by its author

  54. Ambi Valent
    Unhappy

    NASA???

    National Anti-virus Sucks Again......oh forget it. That dint come out right.

This topic is closed for new posts.

Other stories you might like