According to the Wired blog, non-critical laptops in the International Space Station were infected in July with malware: according to spaceref.com it was a (fairly old)password stealer that captures gaming credentials and spreads using autorun.inf (See? We told you these were problems!). Spaceref.com also reckon that quite a few systems on the space station don’t carry anti-malware software, though the Wired story suggests that they aren’t connected directly to the wild and woolly Internet, and that (literally) uploaded data is scanned at ground level.
I don’t know for sure how the malware was spread, of course, and the chances are that if NASA do, they won’t say for "security reasons" (suddenly I’m reminded of Rob Slade’s story about a financial institution that contacted him for help with a virus problem, but wouldn’t let him into their premises because it would violate security…). Still, there may well be a moral here about protecting the perimeter without taking into account the individual user’s ability to compromise internal security – for example, by using removable media – and the need to consider the unthinkable possibility that their primary defenses might at some point fail.
(It’s not yet been confirmed that the space budget is now submitted in Linden dollars as well as US dollars.)
Thanks to Nick FitzGerald for bringing this story to our attention. Unfortunately he’s already cracked the joke about anti-virus being rocket science, so I guess I can’t.
Malware Intelligence Team
Author David Harley, We Live Security