What is Gammima?
Gammima is the common name for W32.Gammima.AG, a computer worm that can replicate itself to all drives present on a system, including removable storage media such as USB flash drives.
Accounts for some popular online games played in the Far East are particularly at risk: the worm tries to collect user passwords and send them to a central server.
The virus was first discovered on the International Space Station (ISS) in August 2007. NASA (the US National Aeronautics and Space Administration) reported that laptops on board the ISS were infected with the worm. However, the command and control systems of the ISS remained untouched, as the virus only targets passwords and user accounts from online games. The laptops carried by the astronauts did not have anti-virus protection, so the virus went undetected for almost three months.
The ISS did not have a direct internet connection and all traffic transmitted from Mission Control to the ISS was monitored for content. The virus may have been transmitted from an astronaut's USB drive.
The worm spreads to all removable media attached to the victim's computer. Every time the operating system starts, the worm starts itself and looks for new removable drives. The worm steals information related to online games. It can also monitor the Internet Explorer browser and steal passwords for the MapleStory online game. As a precaution, users should deny all incoming connections and allow only trusted services.
The stolen information is sent to a central server via email or HTTP. The worm also looks for anti-malware programs installed on the victim's computer and may try to disable them.