lnicholas.hsiao 2008-8-31 09:59
諾頓上太空
Malware infects space station laptops
[url]http://news.idg.no/cw/art.cfm?id=05DCD2CF-17A4-0F78-31AECA4CAC7F7E6B[/url]
Malware has managed to get off the planet and onto the International Space Station, NASA confirmed today. And it's not the first time that a worm or virus has stowed away on a trip into orbit.
Malware has managed to get off the planet and onto the International Space Station, NASA confirmed today. And it's not the first time that a worm or virus has stowed away on a trip into orbit.
The attack code, which space news site SpaceRef.com identified Monday as "W32.Gammima.AG," infected at least one of the laptops used on the station, an international effort headlined by the U.S. and Russia.
NASA spokesman Kelly Humphries declined to identify the malware, saying only that anti-virus software detected a worm on July 25.
The first public report of malware about the ISS was logged earlier this month, on Aug. 11. In NASA's daily status report on the station that day, the agency said. Sergey Volkov, the International Space Station (ISS) commander, was "working on the Russian RSS-2 laptop" and "ran digital photo flash cards from stowage through a virus check with the Norton AntiVirus application."
A week later, on Aug. 21 Volkov "checked another Russian laptop, today RSK-1, for software virus by scanning its hard drives and a photo disk."
The next day, Volkov transmitted antivirus scanning results from the laptop to Earth, and American astronaut Greg Chamitoff scanned another computer for possible infection. NASA also said in Friday's report that all laptops on board the ISS were being loaded with anti-virus software.
"All A31p laptops onboard are currently being loaded with [the] latest [Norton AntiVirus] software and updated definition files for increased protection," said NASA.
W32.Gammima.AG, the name Symantec Corp., maker of Norton AntiVirus, gives the malware, is a year-old Windows worm designed to steal information from players of 10 different online games, some of them specific to the Chinese market. Among the games: ZhengTu, HuangYi Online and Rohan.
The worm also plants a rootkit on the infected system, and transmits hijacked data to a remote server.
Today, Humphries said that the worm poses no threat. "It was never a threat to any command-and-control or operations computer," he said. He refused to detail how the malware snuck aboard, citing "IT security issues," but other sources, including SpaceRef.com, speculated that it might have stowed away on a laptop or a flash card.
In fact, the Aug. 11 ISS log entry hinted at digital camera storage cards as a suspect.
"There have been other incidents," confirmed Humphries, who works at the Johnson Space Center in Houston, Tex. "I don't know when the first one was, but the station will have been in orbit for 10 years [come] November."
"If there is any good news at all, it's that the malware was designed to steal usernames and passwords from computer game players, not something that orbiting astronauts are likely to be spending a lot of time doing," said Graham Cluley, a senior technology consultant with Sophos Plc., in a post to that company's blog today. "After all, with a view like that who needs to play the likes of World of Warcraft?"
ALPHONSE 2008-8-31 10:15
目前ISS用了數台IBM ThinkPad A31p
[url]http://www.thinkwiki.org/wiki/Category:A31p[/url]
# Intel Mobile Pentium 4-M 1.7, 1.8 or 2.0GHz
# ATI Mobility FireGL 7800 with 64MB
* 15.1" TFT display with 1600x1200 resolution
# 256MB PC2100 memory standard
# 40, 60 or 80GB HDD
和ThinkPad 760,770 (Intel Pentium MMX)
-----------------------------------------------
ZhengTu 征途
[url]http://zt.ztgame.com/[/url]
HuangYi Online
黃易
Rohan 洛汗
[url]http://www.rohan.com.tw/main.html[/url]
以上有不少的私服和外掛,偷密碼或木馬的惡意程式流通....
NASA大概很難知道網路遊戲在東方有多麼的....
[[i] 本帖最後由 ALPHONSE 於 2008-8-31 10:25 編輯 [/i]]
天氣預報 2008-8-31 11:02
惡意軟件感染空間站的筆記本電腦
[url]http://news.idg.no/cw/art.cfm?id=05dcd2cf-17a4-0f78-31aeca4cac7f7e6b[/url]
惡意軟件已設法下車,這個星球上和國際空間站上,美國航天局今天證實。它已經不是第一次了蠕蟲或病毒攻擊已裝在一個遠離之行送入軌道。
惡意軟件已設法下車,這個星球上和國際空間站上,美國航天局今天證實。它已經不是第一次了蠕蟲或病毒攻擊已裝在一個遠離之行送入軌道。
該攻擊代碼,這空間的新聞網站spaceref.com確定星期一為“ w32.gammima.ag , ”感染至少有一個筆記本電腦上使用的車站,一項國際努力,大字標題,由美國和俄羅斯。
美國航天局發言人凱利humphries下降,以確定惡意軟件,只說反病毒軟件發現了一個蠕蟲病毒於7月25日。
第一次公開的報告,關於惡意軟件的國際空間站是記錄本月初, 8月11日。在NASA的每日狀態報告就站這一天,該機構稱。謝爾蓋沃可夫,國際空間站( ISS )的指揮官,是“工作對俄羅斯的RSS - 2筆記型電腦”和“然數碼相片的閃存卡從裝載通過病毒檢查與Norton AntiVirus的應用” 。
一個星期後,於8月21日沃可夫“檢查另一位俄羅斯的筆記型電腦,今天rsk - 1 ,軟件病毒掃描,其硬盤驅動器和一張照片磁盤” 。
第二天,沃可夫轉交了防病毒掃描結果從膝上型電腦到地球上,和美國宇航員格雷格chamitoff掃描的另一台計算機可能的感染。美國航天局還表示,在週五的報告指出,所有筆記本電腦在船上國際空間站被裝有反病毒軟件。
“所有a31p筆記本電腦上,目前正在裝貨與[ ]的最新[的Norton AntiVirus ]軟件和最新的定義文件,為加強保護,說: ”航空和航天局。
w32.gammima.ag ,賽門鐵克公司的名稱,製造商的Norton AntiVirus ,給出了惡意軟件,是一個年歲的Windows蠕蟲病毒,旨在竊取信息,從球員的10種不同的線上遊戲,他們中的一些具體到中國市場。其中遊戲: zhengtu , huangyi在線和羅漢。
該蠕蟲也植物rootkit能對受感染的系統,和被劫持的數據傳輸到一台遠程服務器。
今天, humphries說,該蠕蟲不構成威脅。 “這是從來沒有威脅到任何的指揮和控制或操作電腦, ”他說。他拒絕詳細說明惡意snuck上,引用“安全問題” ,但其他來源,包括spaceref.com ,推測它可能有裝外的一台筆記本電腦或閃存卡。
事實上,在8月11日國際空間站的日誌條目暗示,在數碼相機存儲卡作為一個嫌疑人。
“有其他的事件, ”證實humphries ,誰工程在休斯敦的約翰遜航天中心, Tex 。 “我不知道什麼時候第一次是,但該站已在軌道上為十年[來] 11月“ 。
“如果有任何好消息,在所有,它的表示,惡意軟件旨在盜取用戶名和密碼,從電腦遊戲玩家,而不是一些軌道的宇航員很可能是花了很多時間做,說: ”格雷厄姆克魯利,高級技術Sophos的顧問與PLC的,在一個職位,以該公司的博客今天。 “畢竟,以期一樣,誰需要扮演喜歡的魔獸世界” ?