You’d think the United States’ space agency, which conducts highly sensitive research and has had its servers hacked before, would be extremely thorough about computer security, but that does not appear to be the case. A worm that steals online gamers’ user names and passwords has been running rampant on laptops on the International Space Station (ISS).
Fortunately, there is no risk of the ISS hurtling out of control back to Earth. Antivirus vendor Symantec’s malware database entry said the code is only used to steal account information for online games.
The worm, known as W32.Gammima.AG, is spread through removable media such as USB drives and external hard drives. Gammima steals sensitive information for various online games, including ROHAN, R2 (Reign of Revolution), Talesweaver, Seal Online, and several games popular mainly in China, including ZhengTu and HuangYi Online, according to Symantec, which wrote up the Gammima worm on August 27, the day it was discovered.
In its paper on Gammima, Symantec said the worm poses a very low risk. It affects all Windows systems, copying itself to all drives from C through Z and modifying the registry so it executes whenever Windows starts.
According to a white paper by Avert Labs researcher Igor Muttik, data-stealing Trojans (like Gammima) record user IDs and passwords as well as the IP addresses or the names of the servers they use. This information lets cybercriminals log into the victims’ accounts and steal anything of value, which they then sell.
Because NASA computers have been infected before, the agency needs to take a very close look at what it’s doing, Marcus said. “Things are not locked down or as tight as they should be,” and Marcus recommended NASA “look at real strong management and real strong policy enforcement.”