NASA space station computer infected with virus?

Anonymous Coward
User ID: 487016
8/27/2008 2:50 PM
NASA space station computer infected with virus?

A virus in space?

Channel 4 News

Last Modified: 27 Aug 2008
By: Benjamin Cohen

Nasa has confirmed that laptops aboard the International Space Station (ISS) became infected with the Gammima.AG computer virus.

The computer virus infects machines in order to steal login details for online games and, although it is a nuisance, it isn't considered to be a highly serious virus.

However, the fact that the laptops used by astronauts to send emails, watch videos and record details relating to experiments did get infected is a cause of concern.

The machines reportedly did not have anti-virus protection, although Nasa told Channel 4 News that they were not mission critical machines.

However, when I asked their spokesman Kelly Humphries whether they were connected to the ISS's mission critical computer network, the telephone line appeared to go down.

After about twenty seconds of silence, I asked, "are you still there?", he replied: "yes", although when I repeated the question, the line went dead again.

After repeating this part of the conversation for five minutes, Nasa refused to deny that the computers were indeed connected to the network, but then they also refused to say they were.

Nasa said it's not the first time a computer has been infected with a virus. When I asked "is it then routine?" I was told "it's not routine but it's a nuisance".
***********************************************
[link to www.channel4.com]
markusmaximus Subscriber
Yes, I scare my pets.
User ID: 148742
8/27/2008 2:50 PM
Re: NASA space station computer infected with virus?

Transformers have arrived.
Don't Panic.

P=fl²
P - Peace; f - Freedom; l - Love
colive2
Anonymous Coward
User ID: 229029
8/27/2008 2:51 PM
Re: NASA space station computer infected with virus?

ISiS is about to be sacrificed.
Anonymous Coward
User ID: 233945
8/27/2008 2:58 PM
Re: NASA space station computer infected with virus?

The machines reportedly did not have anti-virus protection
 Quoting: NASA

they deserve no better, even old rubbish home computers have at least a cheap or even free AV.

if nasa wants a darn good AV but doesn't want to spend any money, they should get an enterprise AV for free..warez it's called. free but illegal...and hey, we all know that nasa doesn't have a problem with illegal stuff...don't we...
antwan
User ID: 492035
8/27/2008 3:01 PM
Re: NASA space station computer infected with virus?

lol i know since last 3 days
Me Wanzt Me Gold You Bitches !
All HAIL MIGHTY THOR!!
THERS GONNA BE HUMABEEF ON THE MENU TODAY KIDS :)RUN RUN THE FEDERALES ARE COMING ....SELL THE PUTAHOE'S FAST AMIGO

A motivated starving person is only capable of walking about three days. The more distance you put between yourself and anyone who is likely to be hungry, the better.
Anonymous Coward
User ID: 487016 (OP)
8/27/2008 3:04 PM
Re: NASA space station computer infected with virus?

The virus collects info about games, passwords, etc and sends it back to the attacker. According to Symantec:

W32.Gammima.AG
Risk Level 1: Very Low

Discovered: August 27, 2007
Updated: August 27, 2007 11:08:32 AM
Also Known As: Worm.Win32.AutoRun.bhx [Kaspersky]
Type: Worm
Infection Length: 75,520 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When the worm executes, it creates the following files:

* %System%\kavo.exe
* %System%\kavo0.dll

The file kavo0.dll is then injected into all running processes.

It also creates the following file, which is a copy of Hacktool.Rootkit:
%Temp%\[RANDOM FILE NAME].dll

The worm then copies itself to all drives from C through Z as the following file:
[DRIVE LETTER]:\ntdelect.com

It also creates the following file so that it executes whenever the drive is accessed:
[DRIVE LETTER]:\autorun.inf

Next, the worm creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"kava" = "%System%\kavo.exe"

It then modifies the following registry entries:

* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"
* HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2"
* HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
* HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Pocilies\Explorer\"NoDriveTypeAutoRun" = "0x91"

The worm checks if it has been injected into any of the following processes:

* zhengtu.dat
* elementclient.exe
* dekaron.exe
* hyo.exe
* wsm.exe and ybclient.exe
* fairlyclient.exe
* so3d.exe
* maplestory.exe
* r2client.exe
* InphaseNXD.EXE

It then attempts to steal sensitive information for the following online games:

* ZhengTu
* Wanmi Shijie or Perfect World
* Dekaron Siwan Mojie
* HuangYi Online
* Rexue Jianghu
* ROHAN
* Seal Online
* Maple Story
* R2 (Reign of Revolution)
* Talesweaver

The worm ends the Matrix Password process if it finds a dialog box with the following characteristics:
Title: MatrixPasswordDlg
Message: Warning! (In Chinese characters)

The harvested information is then sent to the remote attacker via HTTP.

Recommendations

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

* Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
* If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
* Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services (for example, all Windows-based computers should have the current Service Pack installed). Additionally, please apply any security updates that are mentioned in this writeup, in trusted Security Bulletins, or on vendor Web sites.
* Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
* Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
* Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
* Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

Writeup By: Masaki Suenaga
*************************************************
[link to www.symantec.com]
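
A triage check built from the indicators in the Symantec writeup quoted above, added here as an example and not part of the original thread or Symantec's own tooling: it matches the listed files, registry values and the autorun.inf launch mechanism against a host snapshot. The snapshot layout, the function names and the sample file dropper.com are assumptions made for illustration.

```python
import ntpath
# Indicators copied from the Symantec writeup quoted above. Registry names are case-insensitive.
SYSTEM_FILES = {"kavo.exe", "kavo0.dll"}
RUN = r"Software\Microsoft\Windows\CurrentVersion\Run"
EXPLORER = r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
REG_INDICATORS = {  # (hive, key, value name) -> expected data; None accepts any data
    ("HKCU", RUN, "kava"): None,
    ("HKLM", EXPLORER + r"\Folder\Hidden\SHOWALL", "CheckedValue"): 0,
    ("HKCU", EXPLORER, "Hidden"): 2,
    ("HKCU", EXPLORER, "ShowSuperHidden"): 0,
}
LAUNCHABLE = (".com", ".exe", ".pif", ".scr", ".bat")

def autorun_targets(inf_text):
    """Programs an autorun.inf launches via open=, shellexecute= or shell\\...\\command=."""
    targets, section = set(), ""
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, _, value = (part.strip() for part in line.lower().partition("="))
            if value and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.add(value.split()[0].strip('"'))
    return sorted(targets)

def scan(snapshot):
    """Return one finding per indicator present in a host snapshot (layout assumed here)."""
    hits = [f"file %System%\\{n}" for n in snapshot["system_files"] if n.lower() in SYSTEM_FILES]
    reg = {(h, k.lower(), v.lower()): d for (h, k, v), d in snapshot["registry"].items()}
    for (hive, key, value), want in REG_INDICATORS.items():
        data = reg.get((hive, key.lower(), value.lower()))
        if data is not None and (want is None or data == want):
            hits.append(f"registry {hive}\\{key}\\{value} = {data!r}")
    for drive, files in snapshot["drive_roots"].items():
        names = {n.lower(): n for n in files}
        for target in autorun_targets(files.get(names.get("autorun.inf")) or ""):
            base = ntpath.basename(target)
            if base in names and base.endswith(LAUNCHABLE):
                hits.append(f"autorun {drive}:\\autorun.inf launches {names[base]}")
    return hits

SAMPLE = {  # constructed snapshot for illustration, not real telemetry
    "system_files": ["kernel32.dll", "KAVO.EXE", "kavo0.dll"],
    "registry": {("HKCU", RUN, "kava"): r"C:\WINDOWS\system32\kavo.exe", ("HKCU", EXPLORER, "Hidden"): 2},
    "drive_roots": {"E": {"autorun.inf": "[AutoRun]\nopen=dropper.com", "dropper.com": None},
                    "F": {"autorun.inf": "[autorun]\nicon=setup.ico", "setup.ico": None}},
}

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

The Hidden and ShowSuperHidden values only hide files from Explorer, so a host that matches them should be inspected with a tool that does not depend on Explorer's view settings.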
Anonymous Coward
User ID: 487016 (OP)
8/27/2008 3:09 PM
Re: NASA space station computer infected with virus?

lol i know since last 3 days
 Quoting: antwan

Oh really? Do you work for Channel 4 news or NASA, then?

As the virus was only discovered today, according to the Symantec website, I doubt you could have known what the virus was for three days. But then, perhaps you also work for Symantec, as well as NASA. LOL.