Windows worm found in video iPods
updated 05:35 pm EDT, Tue October 17, 2006
Apple is warning Microsoft Windows users that a small number of its latest video iPods shipped with a worm. Apple has updated its technical support site with a warning to Windows users: "We recently discovered that a small number - less than 1 per cent - of the video iPods available for purchase after September 12 left our contract manufacturer carrying the Windows RavMonE.exe virus." According to Macworld UK, Apple has only received 25 reports concerning the problem so far; the worm does not affect data on infected Windows systems. "The iPod nano, iPod shuffle and Mac OS X are not affected, and all video iPods now shipping are virus free," said Greg Joswiak, vice president at Apple. The Cupertino-based company has a number of Windows systems on its production line for quality control, and one of these "final test" stations was identified as the source of the worm.
"It appears this virus propagates to a PC when an iPod containing the virus is double-clicked in Windows Explorer. Technically it's a worm. It does not spread through a network."
The Apple executive said there was an exception in the production line process that is now remedied, adding his belief that Apple now has a process to ensure it doesn't happen again. "It's the first time this has happened to us and we wanted to be very open and up-front about what's happening. We first learned of this a week ago," Joswiak said. "Since then we have been working around the clock on this, discovering the root cause."
Although the worm does not do any damage to data on Windows systems, it can lower the security settings of an infected system, according to Apple, and should be removed from any infected machine. The worm propagates itself through mass storage devices and affects only Windows computers. Apple says up-to-date anti-virus software that comes bundled with most Windows systems should detect and remove the worm.
"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Joswiak said. The company has published links to trial version downloads of anti-virus applications which are known to detect and destroy the worm, accommodating those Windows users who may not already have anti-virus software installed. Once installed, users are encouraged to attach their iPod to their Windows computer and run the anti-virus software. Users are also instructed to run the "Restore" function in iTunes 7 to restore the software on the affected iPod, according to the report. Additionally, Apple is suggesting users scan all existing external storage devices, including hard drives and digital camera memory cards for the worm.
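The check Apple recommends for external storage can be sketched as follows. This is an added example, not Apple's tooling or any anti-virus vendor's code: it looks at the top level of a mounted volume for the RavMonE.exe file name given above and for an autorun.inf that launches a program. It assumes the double-click launch described above goes through Windows AutoRun, which the article does not state; the function names and the sample autorun.inf are constructed for illustration.

```python
import sys
from pathlib import Path

SUSPECT_NAMES = {"ravmone.exe"}  # file name from the article, lower-cased

# Constructed sample, not taken from a real infected device.
SAMPLE_INF = "[AutoRun]\nopen=RavMonE.exe e\nshell\\Auto\\command=RavMonE.exe e\nicon=setup.ico\n"


def autorun_commands(inf_text):
    """Return every command an autorun.inf asks Explorer to launch."""
    commands, section = [], ""
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")
            ):
                commands.append(value)
    return commands


def launched_name(cmd):
    """Lower-cased file name of the program a command line starts."""
    cmd = cmd.strip()
    first = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else (cmd.split() or [""])[0]
    return first.replace("\\", "/").rsplit("/", 1)[-1].lower()


def scan_volume(root):
    """List (kind, detail) findings for the top level of one mounted volume."""
    entries = {p.name.lower(): p for p in Path(root).iterdir()}
    findings = [("suspect-file", entries[n].name) for n in sorted(SUSPECT_NAMES & entries.keys())]
    inf = entries.get("autorun.inf")
    if inf is not None and inf.is_file():
        for cmd in autorun_commands(inf.read_text(encoding="latin-1")):
            suspect = launched_name(cmd) in SUSPECT_NAMES
            findings.append(("autorun-launches-suspect" if suspect else "autorun-launches-program", cmd))
    return findings


if __name__ == "__main__":
    for volume in sys.argv[1:]:  # e.g. E:\ or /media/ipod
        for kind, detail in scan_volume(volume):
            print(f"{volume}: {kind}: {detail}")
```

A file-name match is only a triage signal; the anti-virus scan and iTunes "Restore" described above remain the actual remediation.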

hahaha
10/17, 06:02pm reply
That rocks. Apparently Apple is so used to not dealing with viruses, they forgot to protect the handful of PCs they own.
r00b69
Fresh-Faced Recruit
Joined: Jan 2006
OR
10/17, 06:21pm reply
...or perhaps there is an 'evil' plot to open up PCs even further to attack so that iPod buyers get fed up and migrate over to Mac OS.
But then why disclose the info? jk
danviento
Fresh-Faced Recruit
Joined: Dec 2005
i bet...
10/17, 07:16pm reply
it was someone's last day and they said 'wouldn't it be funny if I...'
FastAMX79
Fresh-Faced Recruit
Joined: Sep 2000
slam
10/17, 09:45pm reply
"As you might imagine, we are upset at Windows for not being more hardy against such viruses"
heh!
climacs
Fresh-Faced Recruit
Joined: Sep 2001
I call this...
10/17, 09:46pm reply
...the Zune marketing strategy. Microsoft did it!!!
himself
Mac Elite
Joined: Jan 2002
how it happened
10/17, 09:47pm reply
I can't imagine those production line PCs would be online. Someone probably brought an infected disk or other media from home and used it on the computer.
climacs
Fresh-Faced Recruit
Joined: Sep 2001
Re: slam
10/18, 03:07pm reply
"As you might imagine, we are upset at Windows for not being more hardy against such viruses"
First, Greg, it's a worm, not a virus.
Second, what world have you been living in to think that Windows is more virus-resistant than it really is (i.e. not at all)? Maybe you should watch your own commercials touting how Windows are always infected.
Third, what does this say about the state of Apple's Windows software? Do they not concern themselves with viruses and the like, and are therefore prone to be susceptible? Is this just one guy trying to deflect the blame onto MS (h***, you might as well also blame A-Rod for the troubles!).
Although, on the plus side (I guess), it appears that this worm infects external media, and is not an iPod virus per se. Although it would be better if Apple had machines that weren't infected.
testudo
Fresh-Faced Recruit
Joined: Aug 2001
Here we go again...
10/20, 01:57am reply
Mr. Joswiak speaking to the general public: "It appears this virus propagates to a PC when an iPod containing the virus is double-clicked in Windows Explorer. Technically it's a worm. It does not spread through a network."
In reference to the infected RavMonE.exe file, which in actuality is a Trojan horse, he uses the word "propagates" to help justify the malware as being a worm. Unfortunately, he further contradicts himself that "it does not spread through a network." I have news for Greg: The reason the RavMonE.exe file does not spread through a network is that it is not a worm. The RavMonE.exe file is indeed a Trojan horse.
RavMonE.exe is a file that originated from RAV Antivirus software. So, the Troj/Bdoor-DIJ Trojan masquerades itself as "RavMonE.exe" in an attempt to fool the user that it is part of the RAV AV software. The Trojan lies dormant on the infected iPod, and is activated once connected to a Windows PC. It traverses no network at this point.
The infected PC will act as a proxy server, contacting a remote site to report the infection and the availability of the proxy. This is also classic Trojan behavior. Furthermore, the infected PC will not infect other Windows PCs on the network or anywhere else on the Internet. If it did, then it could be classified as a worm.
Links: Troj/Bdoor-DIJ Trojan Summary on Sophos.com; Define Propagation Google Search; Worm defined on Viruslist.com; Trojan horse defined by Webopedia; Trojan horse defined by Wikipedia; Trojan defined by Viruslist.com
JoeE
Fresh-Faced Recruit
Joined: Feb 2006
...
10/20, 02:11am reply
"Furthermore, the infected PC will not infect other Windows PCs on the network or anywhere else on the Internet. If it did, then it could be classified as a worm."
To elaborate, the infected PC will not infect others simply being on a network or connected to the Internet because the malware will not traverse the network at all. It will basically serve as a "beacon" to the following URLs:
http://natrocket.kmip.net:5288/ret[REMOVED]
http://natrocket.kmip.net:5288/ies[REMOVED]
http://natrocket.9966.org:5288/ies[REMOVED]
http://scipaper.kmip.net:80/ies[REMOVED]
Its only possible means of "spreading" is via an external drive. Antivirus companies make no note that it will spread itself via a network connection.
JoeE
Fresh-Faced Recruit
Joined: Feb 2006
Clarification/Correction
10/20, 02:29am reply
First, I must say that I stand behind the statement that the infected RavMonE.exe file, created using the py2exe tool, is still a Trojan. It masquerades itself as a legitimate file.
Now, upon further research, I see that it may indeed copy itself to a mapped drive (aka network share). This is the only reason others may be able to classify the malware as a worm. However, I have also noticed that every site that calls it a worm uses the word "may", indicating to me that it is only a possible occurrence.
JoeE
Fresh-Faced Recruit
Joined: Feb 2006