Just when you think malware can't go any further in life; we find it in outer space. Just imagine the "IT protection training" lecture the person who brought the worm into space will receive.

Bill Gates just because this is an evil story

I used to listen to the ISS activiies on Nasa TV during missions. One day they were sorting out a BSOD problem with a laptop. The guy on the ground was talking the guy on the ISS through network card driver updates. And he couldn't even chuck it out the window - how depressing!

Let's cut out one potential source of infections - it's time for NASA-approved porn to be issued to all astronauts based upon individual preferences!

One would expect scientists at NASA would know better and use some Linux or Unix.

Why can't they use Linux or OS as their main operating sytem, as well as personal computer. There is not reason to use Microsoft Windows on such places.

"It then attempts to steal sensitive information for the following online games:

* ZhengTu

* Wanmi Shijie or Perfect World

* Dekaron Siwan Mojie

* HuangYi Online

* Rexue Jianghu

* ROHAN

* Seal Online

* Maple Story

* R2 (Reign of Revolution)

* Talesweaver"

-Symantec

Which of these games are our astronauts playing.

Yeah, I know. Couldn't resist. =)

@Isaias Compres

Agreed. Why they aren't at least using Ubuntu (or preferably something like RedHat, Fedora, or SUSE or even BSD) is beyond me.

/IT? pic, not for "Where's the IT angle?"...more like "Where's the IT department?" I guess.

Because Lunix is crap, thats why.

I don't recommend they use Windows, Linux or Mac. Any tard with programming knowledge can hack them. They should design their own operating systems.

...at least it's not a dialer.

What could the virus/worm/space infestation actually done, well, apart from accidentally shutting down life support.

Anyways, surely they would have even the most basic virus checker?

I'll wait for the RIAA to file a lawsuit with NASA, for astronauts downloading music.

Mine's the one with worm food in the pockets...

"WTF

By Isaias Compres Posted Tuesday 26th August 2008 23:07 GMT One would expect scientists at NASA would know better and use some Linux or Unix.

"

everybody knows they prefered the Amiga OS at NASA ;)

shame theres no hardware updates anyware, perhaps they can get dave and carl to make one for them on commission.

http://www.polyphoto.com/upchug/HalInterview-eng.html

This is final proof that it is actually the astronauts themselves that write viruses in their spare time !

If Linux is such crap, why can't it catch viruses?

Seriously though, everybody should know by now that you DO NOT use Windows for anything remotely important. Whether it be keeping multibillion dollar space stations in orbit, powering government organizations, or running a life support machine.

Yes, there is a life support machine with Windows on it. If any hospital ever tried to hook up any loved one of mine to a Windows life support machine, I would take them to another hospital.

They should leave the virus in space and let it grow, maybe it will turn into a super-virus!

Several years back (when one of NASA's ISS-resident windows boxes dropped dead), I read the Russian side was running 486 notebooks with FreeBSD. FreeBSD because it's reliable, 486es because the Russian space agency found that Pentium, P2, P3, etc.'s die shrinks made them susceptible to cosmic rays.

They use Windows because they've been using it for years and migrating to Linux is far too expensive for them to justify, especially with Congress cutting their budget year after year. Every program they use would have to be rewritten. They'd have to make sure that Linux would install and run properly on every computer system. And they'd have to test and debug the hell out of it for a year or two before deploying it on mission-critical hardware.

Puzzled... last time I looked, MS's own EULA discouraged using Windows on any real-time or mission-critical hardware.

Heck, the EULA even admits Windows is not fit-for-purpose (the bit about not being responsible if the OS causes you to loose work/data/life/etc...)

Security through Obscurity eh Bruce?

http://www.answers.com/topic/security-through-obscurity

If you're looking for a secure OS you could probably do worse than OpenBSD, the antithesis of the Security-Through-Obscurity approach

http://www.openbsd.org/

.. they should have purchased next day, on-site cover for it.

I'd love to hear the (e.g.) Dell phone monkey's response to an engineer call out from the ISS.

they would use Mac OS but unfortuntaly you cant install it on propratory hardward like the space station.

... have a Wi-Fi network and you get nobbled for sharing dodgy files, I mean for Pete's sake, if N.A.S.A can't keep their systems secure and clean what chance do the rest of us. Surely it *has* to mean that literally no-one can be legally held responsible for their network and abuses of it when the military and N.A.S.A. can't secure theirs with supposedly highly trained administrators and security specialists.

Now, that's one of the real Blue Screen of DEATH.

Why the hell they couldn't use something decent, like BSD/UNIX/Linux?

"The infected machines were not considered mission critical, meaning they weren't responsible for command and control. "

I'm sure those mission critical ones run Linux or Solaris. Seeing how many kernel modules in the Linux kernel source were written by NASA folks. Those machines that do run Windows are probably used to run whatever usermode software they need for their experiments (zero-G counter-strike with VR glasses, anyone?)

Is this the first worm in space, or did the Russians get one into obit before them?

Were they playing "Out of this World of Warcraft" ?

To all those asking what it could do and how it could get there etc, I'm fairly sure I read an article saying that during certain com passes the ISS does have access to the internet etc...

It was the Chinese spy! HE accidentally transfered the virus when stealing all the designs to the anti-grav unit Nasa has been developing...

"Alternative operating system that they'd have to make sure that Linux would install and run properly on every computer system."

What an irresponsible attitude. They should have been making sure that Windows was equally well tested.

Regardless of the operating system selected, shouldn't this have been part of their testing and compliance procedures? Any risk assessment for a computer system should have included that Windows is subject to malware infections at a rate exponentially higher than any other operating system. It's not as though it's a state secret or anything.

Open the pod bay door please, Bill.

works fine unless you are a prime target. I do run a virus checker but it hasn't spotted anything remotely threatening in the last six years. Of course being careful what you download/open/visit/etc. is important too.

They get those surfing for pr0n ..

heck .. the guys get lonely .. give them a break !

Fuzzy

"If Linux is such crap, why can't it catch viruses?"

Symantec appears to disagree...

http://www.symantec.com/security_response/writeup.jsp?docid=2004-052312-2729-99

Could this be an Independence Day scenario? Malware bearing flyboy steals crashed alien space craft, docks with ISS and types 'Upload Virus'.

People are thinking too far in the box here: I'm thinking that these were the crew's in-flight entertainment to combat the stress and loneliness of living in space. They were probably using Windows rather than Linux because they were probably using the laptops to play games.

Paris, because the laptops probably contain a few of her videos. In-flight entertainment indeed...

A low risk Linux virus dated 2001, is that the best you could do? That's what you consider "proof" that Linux is susceptible to viruses? What a joke!

Should have used VMS! Incidentally, I find it hard to believe that the infected machines were used for anything critical. The problem would come if the non-critical systems (gaming/pr0n laptops!) were hooked up to a critical system...

No amount of test can save that piece of crap called "Microsoft Windows".

By the way, I seem to remember your British navy uses/will use win2k for weapon control system on warship. That's really scary. They are meant to be able to carry nuclear warhead ...

PH, because even she won't make suck stupid decisions.

*yawn*

There's been a little comment on "how does a virus infect a machine in space without an internet connection?".

Well, if you watch a couple of the NASA documentaries, you'll see that the ISS actually has a little network going on, complete with wireless access. Due to the time taken to verify security and reliability the laptops tend to run Windows 98 (insert own joke about reliability here), as this was the last "certified" Windows OS.

The ISS itself periodically has an internet connection back to earth. Its not constant as the running costs would be astronomical (I'm here all week people), so its just connected when needed, and IIRC once or twice a day for the crew to keep in touch with email.

So yes, even the ISS is not immune to internet viral infection.

-- Richard

What a load of CR@P

So you can say to me you arrive in A&E requiring immediate life saving treatment. You or your loved one is wheeled into the appropriate room and the staff are all ready to hook the person up to the life support machine when you pipe up with this:

"Hang on doctor, could you inform me the OS of that LIFE SUPPORT machine please?

"Windows" replies the doctor.

You reply, "Not good enough. Point me in the direction of an A&E department with a non windows life support machine, I'm outta here and I am taking my loved one with me"

Apart from the fact the surgeon probably won't care what OS is on his kit, you should sure as hell be grateful they are about to save your loved ones life FFS.

GET A LIFE and accept the fact that whether you like it or not windows is being used globally for all manner of operations and will continue to do so.

To lighten the post, Paris as she certainly doesn't care what she has on her equipment!!!! Oh and annonymously as I work in a very sensative area.........

... then fire everyone to the highest levels that approved the use of any

product and or service from Microsoft and or an affiliate.

Consider taking legal action and suing.

Posted anonymously since I'm surround by and forced to use (as in do not use/do not get paid) said virus distribution software.

>A low risk Linux virus dated 2001, is that the best you could do? That's what

you consider "proof" that Linux is susceptible to viruses? What a joke!<

Any OS is susceptible to viruses, but until usage of an OS reaches levels capable of bringing in the profit they desire, most virus writers won't target it. I've always suspected that most of the 'nuisance' (as opposed to criminal) viruses out there are written by Linux users with a toolkit anyway...

And yes, I do know Linux quite well. I've been using various flavours of Unix professionally since the early 1990's, as well as Macs from an early stage. I have no doubt that should I be so inclined I could write a virus for any of them. Fortunately I'm not that antisocial! ;-)

... Anyone remember Independence Day? Perhaps someone is trying to destroy the ISS by sending it a cold?

So what have the people on the ISS done wrong then? Perhaps the invasion of South Ossetia had a more sinister beginnings?

LOL

Yawn, same old same old anti Microsoft crap.

We are aware that there is far less malware in the wild for Linux than Windows.

We are aware that there are far less vulnerabilities for Linux than Windows.

Yes, Linux is susceptible to malware. The fact that is far easier to compromise a Windows box than a Linux one, does not mean that Linux is not susceptible.

Oh look a new Linux vulnerability from last week.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3276

The only joke here is the standard anti Microsoft posts.

Paris, because im sure she has had a few viruses (of a very different type).

At last- Bigelow Aero and Best Buy could ink an agreement to supply IT help from the safety of the Presurized Inflatable Space Station (PISS) to the International Space Station (ISS). If they put one of those guys in the white shirt and black tie in orbit, they can have then close enough to dispatch from one to the other for these needed quick IT fixes.

Imagine how far the the Best Buy adverts would go after that. Maybe Bigelow could build a module painted to look like a black and white VW bug with the orange sticker on the side. (or would the taxi vehicle be painted in those colors?) This could be so much better then Arthur Clarke's idea fifty years that the first advert in space would be a Coca Cola logo projected on the lunar surface.

"The ISS itself periodically has an internet connection back to earth"

That's some wireless card they've got...

>>>If Linux is such crap, why can't it catch viruses?

It's not that Linux can't get STD's, it's that it's not having any sex.

No one wants to write a virus whose target is so miniscule.

You copy of windows is NOT genuine therefore we are going to turn off the life support systems until you buy a new key !

"No one wants to write a virus whose target is so miniscule."

"Miniscule" is the intellect of people writing such comments... Ever wondered what runs most of the intertubes you're surfing right now?

No, seriously. The article that I read (http://news.bbc.co.uk/1/hi/technology/7583805.stm) stated that NASA has NO anti-virus systems in place on the ISS - OR laptops used by crew.

"The laptops carried by astronauts reportedly do not have any anti-virus software on them to prevent infection. "

"Muppets who know it won't happen to them because they are too smart" springs to mind...

OK, fair enough, IF the onboard systems are completely isolated from the laptops the astronuts use - which NASA claim is the case - fair enough, there's justification for keeping those systems as 'clean' as possible.

Let's take the risky ('risky'? Yes. given the level of incompetence evident here, I think that's a fair assessment) assumption that that is the case.

That leaves NASA clearly in the position of having NO 'corporate' policy regarding virus/spyware/malware protection for portable computers used by their staff/visitors (God alone knows what the situation is throughout the rest of the 'organisation'!).

And that suggests a level of irresponsibility that is, especially in this case, beyond belief.

In my area own of professional responsibility I ensure that all systems are adequately protected, staff are made aware that they MUST use the recommended protection software (which I provide and if required will install and set up) on their own systems, both 'home' and 'private' laptops (it's a publishing company, anyone with experience of such outfits will be aware of why this is necessary...).

In addition, visitors are NOT allowed access to the network until their laptops have been checked for adequate protection.

Anyone failing to comply is held directly responsible in the event of problems arising as a result.

So, who the hell's in charge of NASA's IT security?

Ah, right, that would be the complete tosser who's already mumbled excuses about "USB drives"

"It is thought that the virus might have travelled via a flash or USB drive owned by an astronaut and taken into space."

Nice try asshole - but IF you were doing your job, IF NASA had something resembling a half competent IT security policy, it couldn't have happened...

Pop in an external device with infected files and the software you didn't even have installed would have prevented the issue, after all, it's not as if this was a brand new (August 2007 FFS!) previously unheard of worm...

No wonder this outfit has a record of incinerating Shuttle crews!

It's blindingly obvious that NASA's management is totally incompetent.

Unfair? Nope. Shit runs downhill. If you find an organisation that has a record of failure to perform, in my experience, the problem starts at the top.

And while I may not be qualified to comment on NASA's inability to keep Shuttle crews alive, I certainly am qualified to judge their inability to handle IT security!

"We are aware that there is far less malware in the wild for Linux than Windows"

Quite an understatement. How many Linux viruses have you ever encountered *in the wild*? In the last decade I've seen none, despite administering thousands of Linux boxes for very attractive security targets such as ISPs and high street banks.

"Yes, Linux is susceptible to malware. The fact that is far easier to compromise a Windows box than a Linux one, does not mean that Linux is not susceptible."

Of course every OS is susceptible to malware in theory but ultimately it's practicalities that matter. Had NASA been running Linux on those laptops what would have been the realistic chances of those machines being infected by a virus?

"Oh look a new Linux vulnerability from last week"

DOS != virus

"The only joke here is the standard anti Microsoft posts"

Is it any wonder people make anti-M$ posts given its pathetic security history?

... is susceptible to viruses is a Muppet.

Do you even know the difference between Linux/Unix and Windows? I feel like am arguing with monkeys. This is the kind of ignorance Microsoft profits from...

National Anti-virus Sucks Again......oh forget it. That dint come out right.