NASA confirmed this week that a computer on the International Space Station is infected with a virus. (See "Houston, we have a virus" at The Register.)
The malicious software is called W32.TGammima.AG, and technically it's a worm. The interesting point, other than how NASA could let this happen, is the way the worm spreads--on USB flash drives.
Randy Abrams, director of technical education at ESET, alerted me about this. Touching on both interesting points, he said:
To start with, no computer going into space should have autorun enabled. Simply disabling autorun would have almost certainly rendered the worm inert. Given that age of the worm, and its low risk ranking, it is probable that current (antivirus) software was not being used either.
Malicious software spread by USB flash drives and other removable media takes advantage of a questionable design decision by Microsoft. Windows is very happy to run a program automatically when a USB flash drive is inserted into a PC. How convenient, both for end users and for bad guys.
In his December blog, Abrams writes, "Fundamentally, there are two types of readers here. The first type will disable autorun and be more secure. The second type will eventually be victims."
Don't be a victim, disable autorun (also known as autoplay) for all devices. It may be a bit inconvenient going forward, but to me, the added safety is well worthwhile.