International Space Station Infected by Virus!

Outsmart Malicious Hackers


Now you think they’d know better than having Autorun enabled in the International Space Station? But no, they obviously didn’t and they got owned by some fairly innocuous thumb drive auto-spreader.

It wouldn’t really be news if anyone else got infected, but come on this is supposed to the pinnacle of security or something?

NASA confirmed this week that a computer on the International Space Station is infected with a virus. (See “Houston, we have a virus” at The Register.)

The malicious software is called W32.TGammima.AG, and technically it’s a worm. The interesting point, other than how NASA could let this happen, is the way the worm spreads–on USB flash drives.

Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft. Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC. How convenient, both for end users and for bad guys.

It once again comes down to convenience, security is the opposite of convenience – the more secure something is, the less usable it is and vice versa.

But that’s why there are experts in this field that can come to a decent balance between the two, both usability and security. Obviously these experts weren’t employed in this case..

Abrams blogged about this back in December, and I wrote about it in March. In that posting, I described how to disable autorun for Windows XP and Windows 2000 and I just revised it to include Vista.

In his December blog, Abrams writes, “Fundamentally, there are two types of readers here. The first type will disable autorun and be more secure. The second type will eventually be victims.”

Don’t be a victim, disable autorun (also known as autoplay) for all devices. It may be a bit inconvenient going forward, but to me, the added safety is well worthwhile.

I agree, don’t be a victim, run Linux! Ooops my bad, I mean disable autorun/autoplay and choose yourself what you want to run.

Source: Cnet (Thanks Morgan)

Posted in: Malware

, , , ,


Latest Posts:


BootStomp - Find Bootloader Vulnerabilities BootStomp – Find Android Bootloader Vulnerabilities
BootStomp is a Python-based tool, with Docker support that helps you find two different classes of bootloader vulnerabilities and bugs.
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68.
altdns - Subdomain Recon Tool With Permutation Generation altdns – Subdomain Recon Tool With Permutation Generation
Altdns is a subdomain recon tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
0-Day Flash Vulnerability Exploited In The Wild 0-Day Flash Vulnerability Exploited In The Wild
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions
dorkbot - Command-Line Tool For Google Dorking dorkbot – Command-Line Tool For Google Dorking
dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.
USBPcap - USB Packet Capture For Windows USBPcap – USB Packet Capture For Windows
USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.


6 Responses to International Space Station Infected by Virus!

  1. Morgan Storey September 18, 2008 at 11:31 pm #

    Have to really thank my boss who sent this through to me for a laugh. Same day I saw it here: http://www.thedarkvisitor.com/2008/08/chinese-hacker-malware-infects-international-space-station/
    They go into more detail, in that it may have been more than an accident as it was Chinese spyware used for getting online gaming passwords and usernames. Maybe it was re-purposed?

  2. SpikyHead September 21, 2008 at 6:14 am #

    Thats the reason we advise our clients NOT to allow USBdrives unless its very important. and iPODs are a big NO-NO

  3. Goodpeople September 22, 2008 at 7:07 am #

    ISS runs on windows huh? One more reason not to go up there… :-)

  4. Morgan Storey September 22, 2008 at 11:42 am #

    @Goodpeople: No I think it was just one of the experimenters laptops from what I have read.

  5. Navin September 23, 2008 at 12:25 pm #

    Ya morgan is right…some dude thought it was a good idea to carry some data with him on his trip….and when he inserted his USB drive…..VIRUS VIRUS VIRUS!!…OOps I mean worm worm worm!!

  6. Pantagruel September 24, 2008 at 6:55 am #

    Houston we have a problem ;)

    Guess some cosmonaut was thinking IIS to be a nice ‘camping’ spot for some online fraggin’.

    I find it rather strange that the people borading for IIS aren’t checked more thoroughly, there should be a “NO usb gadget!” rule and all data carriers should be thoroughly scanned for viral and other malware. Seem rather silly to lose your sciencetific works due to some malware or perhaps even send IIS crashing just because someone wanted to look at some pictures of his/her partner and kids.