Malware reaches space station

Posted by   Virus Bulletin on   Aug 29, 2008

Autorun worm found on non-critical systems.

US space agency NASA has confirmed reports that laptops in use on the international space station have been found to have been infected with password-stealing malware.

The infected systems are said to be non-mission-critical and used by space station crew for email and recording data from 'nutritional experiments'. According to NASA spokespeople, all systems are isolated from the web and all data must pass through supposedly secure indirect links. However, as the malware in question appears to be a worm which spreads via USB sticks, it seems likely that the infection was introduced in this manner, and that the systems had not had autorun disabled, a fairly basic security step. It is not clear whether the more vital computer systems on the station use the same tight isolation methods.

The infection was discovered during a 'routine scan' with Symantec's Norton product, and was apparently not the first such incident, hinting that resident scanning was not in use. Other systems are now having Norton installed on them.

Full details are at Wired here or at ITWire here.

Posted on 29 August 2008 by Virus Bulletin



Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.