Apple Shipped iPods Carrying Windows VirusBy Matt Hines | Posted 2006-10-18 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
A small number of the portable digital media players were sent to customers bearing a Windows Trojan that could allow attackers to target end users' PCs.
Apple Computer has reported that a small number of its popular video iPods were infected with a virus that targets Windows PCs before they were sold to consumers.
According to a statement issued by the hardware maker on Oct. 17, roughly 1 percent of the iPod Video devices it has shipped since Sept. 12 were loaded with the RavMonE.exe Windows Trojan during manufacturing.
The Cupertino, Calif.-based company said that it has received only 25 individual reports of incidents where the virus has been discovered by users who bought the handheld gadgets since that date, and reported that all of its products, including newly shipped models of the affected device, have been cleansed of the malware program.
The RavMonE.exe code is an attack that only affects Windows computers and propagates itself via storage devices. Once infected, computers carrying the program can be forced to open links to malicious Web sites that may drop additional malware onto the machines. As a result, Apple encouraged users who may have infected iPods to scan any mass storage devices that they have attached to their Windows computers, such as external hard drives, digital cameras with removable media, and USB flash drives.
Apple, who blamed a contract manufacturer for allowing the infected iPods to be shipped, said that since RavMonE.exe is a known attack, it is already covered by most popular Windows anti-virus applications. The company indicated that concerned users could also protect themselves further by updating to the latest version of its iTunes software.
In apologizing for the situation, Apple officials couldn't resist the opportunity to take a shot at Microsoft's Windows operating system, which holds a vast lead in worldwide market share compared with Apple's Mac OS X. Apple has long touted the security of its software as a major benefit in comparison to Windows.
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," the company said in its statement.
The iPod-borne Windows virus could serve as another reason for enterprise IT administrators to ban users from bringing the multimedia players into the office. The entertainment devices have already been forbidden at many data-sensitive companies based on their perceived threat as a means for unauthorized downloading of valuable corporate information. Security experts refer to the use of the Apple machines in such a manner as "iPod slurping."
Some anti-virus vendors, notably Abingdon, England-based Sophos, criticized Apple for referring to the attack as simply the RavMonE.exe Windows virus. That virus name could represent a range of different exploits, experts with the security company said.
"There are a number of different pieces of malware that use a file called RavMonE.exe and so we don't know at the moment precisely which Trojan horse or virus may have been shipped," said Graham Cluley, senior technology consultant for Sophos. "The name RavMonE.exe actually comes from a perfectly legitimate program called RAV Anti-Virus so it would be wrong to call a piece of malware by this name. Hackers sometimes spoof the names of legitimate programs to cause greater confusion."
Cluley said that Sophos is investigating the issue further and expects to provide more specific details of the correct name of the malware on the iPods, but he said the program is most likely a member of the W32/RJump virus family.
Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.