By Dee Chisamera
13:28, August 28th 2008
We all know what computer viruses are capable of these days, but the latest manifestation of this kind went outside the “regular” activity sphere, into space. NASA confirmed that some laptops on the International Space Station have been infected with the W32.Gammima.AG virus, a worm that usually steals user names and passwords for online games.
The incident was first reported by space news website SpaceRef.com, according to which the virus was never a threat to any of the computers on the ISS, and had no adverse effects on any of the operations on the International Space Station.
The W32.Gammima.AG virus was first discovered by Symantec on August 27, 2007, as a worm affecting Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP. According to them, the worm spreads by copying itself to removable media.
The threat assessment report reveals that in fact the virus has a low geographical distribution, it’s easy to contain and remove; the damage level was assessed to be low. Its favorite activity involves stealing sensitive information from the several online games, such as ZhengTu, Wanmi Shijie or Perfect World, Dekaron Siwan Mojie, HuangYi Online, Rexue Jianghu, ROHAN, Seal Online, Maple Story, R2 (Reign of Revolution), Talesweaver.
The process is very simple: the worm infiltrates into all drives from C to Z, and then creates an autorun file so that it executes whenever the drive is accessed. The next step is to create a registry entry so that it executes whenever Windows starts, and start looking for sensitive information.
“This is not the first time we have had a worm or a virus,” NASA spokesman Kelly Humphries told Wired News. “It’s not a frequent occurrence, but this isn’t the first time.” However, NASA downplayed the rumors that the virus got out of hand, calling it a “nuisance” affecting non-critical laptops, usually used for e-mail or nutritional experiments.
How was this possible? It appears that some of the laptops carried by the astronauts on the International Space Station have no anti-virus system. It still remains unclear how the laptop got on the ISS, but the possibilities are either from the initial software load, although laptops are usually scanned before it goes into space, or from a thumb drive.
There is no direct Internet connection on the International Space Station, so the virus is most likely to have travelled through storage drives. In order to prevent such incidents from repeating, NASA said all laptops currently benefit from the latest, updated version of Norton AntiVirus.
Symantec’s recommendations to protect against the W32.Gammima.AG include turning off and removing unneeded services, such as FTP server, telnet, or a Web server, which are normally vulnerable to such attacks, keeping patch levels up-to-date, isolating exploited services until a patch is applied, and not opening attachments commonly used to spread viruses, such as .vbs, .bat, .exe, .pif, and .scr files.
According to NASA, the investigation on how the virus got on the ISS laptops will continue (however, the cause may not be revealed for security reasons). Furthermore, the entire ISS crew is working on stopping the virus from spreading, as well as on preventing any similar actions from happening again.
Source: http://www.efluxmedia.com/news_Computer_Virus_Makes_Extraterrestrial_Landing_On_ISS_Laptops_23133.html
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment