Aug 28 2008

Chinese hacker malware infects International Space Station?

Published at 3:31 am under Chinese Malware

Breaking news is that the International Space Station has been infected by the W32.Gammima.AG trojan. The trojan is also referred to as the kavo.exe virus and is designed to gather information on ten online games:

ZhengTu
Wanmi Shijie or Perfect World
Dekaron Siwan Mojie
HuangYi Online
Rexue Jianghu
ROHAN
Seal Online
Maple Story
R2 (Reign of Revolution)
Talesweaver

Not familiar with all the games but most are Chinese or Korean. Chinese hackers specialize in stealing online gaming information. Symantec also offers up this bit in its writeup:

The worm ends the Matrix Password process if it finds a dialog box with the following characteristics:
Title: MatrixPasswordDlg
Message: Warning! (In Chinese characters)

Will check more into the origin of this malware later today but all indicators suggest that it could be Chinese.

7 Responses to “Chinese hacker malware infects International Space Station?”

  1. Eastwood on 28 Aug 2008 at 11:15 am

    Interesting. Wonder how it got there…

  2. jumper on 28 Aug 2008 at 2:44 pm

    Personal thumb drive.

    Too bad for TDV. It would have been a lot more interesting if Chinese hackers had hacked some satellite link and compromised the computer.

  3. Heike on 28 Aug 2008 at 3:07 pm

    Famous last words, “Now which is my WoW thumb drive and which is my rocketship thumb drive? Oh well, doesn’t matter.” :)

  4. Anthony S. Policastro on 29 Aug 2008 at 5:59 am

    Wow. Do you think the virus can affect other areas of the satellite besides games? I would think they could and this would be a real problem.
    Check out my book on cyber terrorism, Dark End of the Spectrum at http://www.lulu.com/content/3515824
    My plot involves hacking into the cell phone network and controlling anything with software.

  5. Aaron on 29 Aug 2008 at 10:55 pm

    Watch the Chinese jail all malware starters.

  6. CBRP1R8 on 01 Sep 2008 at 7:39 am

    Wow. Do you think the virus can affect other areas of the satellite besides games? I would think they could and this would be a real problem.
    Check out my book on cyber terrorism, Dark End of the Spectrum at http://www.lulu.com/content/3515824
    My plot involves hacking into the cell phone network and controlling anything with software.

    –Most certainly. If the virus or malware or whatever entity is propagated from the thumb drive in this case to the computers (in this case the laptop) were devised to solely replicate until complete DDoS’ing the box then that will surely affect some systems onboard the spacecraft. I mean in general, that is the whole point in the system check to make sure it is clear. Some astronub had to have plopped his Wow thumbdrive on it for sure, probably running a game off the thumb, thus bringin’ in the malware.

    Now had that laptop controlled a critical system, like say, oh life support and/or navigation/thrusters that sorta thing then they could have died, been set off course or burned up in the atmosphere when a retro rocket kicked on sporadically. The “space” is the limit so to speak in this case.

    Now take that one step further, and you “network” that infected computer to the rest of your station’s integrated systems and even if only one had been infected now you’ve got hundreds(?) of infections spread across the entire useless station, all due to 1 little thumbdrive bug. Jumper had the right mind set when he said I woulda been impressed w/ a satty cross site hack.

    :D

  7. Heike on 01 Sep 2008 at 1:21 pm

    So much for a stand-alone system. Does the space station qualify as a stand-alone? Anyway, my new theme is “nothing untouched.” The largest vulnerability to any information system is us.

    This gets into the argument over the NIPR and SIPR Nets. Doesn’t matter they can’t get to the SIPR. Really? Plus, when about 80% of communications take place on the NIPR, I’m not sure which one is more valuable.