Printed from http://www.macnn.com

Windows worm found in video iPods

updated 05:35 pm EDT, Tue October 17, 2006

Worm found in video iPods

Apple is warning Microsoft Windows users that a small number of its latest video iPods shipped with a worm. Apple has updated its technical support site with a warning to Windows users: "We recently discovered that a small number - less than 1 per cent - of the video iPods available for purchase after September 12 left our contract manufacturer carrying the Windows RavMonE.exe virus." According to Macworld UK, Apple has only received 25 reports concerning the problem so far; the worm does not affect data on infected Windows systems. "The iPod nano, iPod shuffle and Mac OS X are not affected, and all video iPods now shipping are virus free," said Greg Joswiak, vice president at Apple. The Cupertino-based company has a number of Windows systems on its production line for quality control, and one of these "final test" stations was discovered as the source of the propagating worm.

"It appears this virus propagates to a PC when an iPod containing the virus is double-clicked in Windows Explorer. Technically it's a worm. It does not spread through a network."

The Apple executive said there was an exception in the production line process that is now remedied, adding his belief that Apple now has a process to ensure it doesn't happen again. "It's the first time this has happened to us and we wanted to be very open and up-front about what's happening. We first learned of this a week ago," Joswiak said. "Since then we have been working around the clock on this, discovering the root cause."

Although the worm does not do any damage to data on Windows systems, it can lower the security settings of an infected system, according to Apple, and should be removed from any infected machine. The worm propagates itself through mass storage devices and affects only Windows computers. Apple says up-to-date anti-virus software that comes bundled with most Windows systems should detect and remove the worm.

"As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it," Joswiak said. The company has published links to trial-version downloads of anti-virus applications known to detect and remove the worm, for Windows users who do not already have anti-virus software installed. Once the software is installed, users are encouraged to attach their iPod to their Windows computer and run the anti-virus software. Users are also instructed to run the "Restore" function in iTunes 7 to restore the software on the affected iPod, according to the report. Additionally, Apple is suggesting users scan all existing external storage devices, including hard drives and digital camera memory cards, for the worm.




by MacNN Staff

Comments

  1. r00b69

    Joined: Dec 1969

    0

    hahaha

    That rocks. Apparently Apple is so used to not dealing with viruses, they forgot to protect the handful of PCs they own.

  1. danviento

    Joined: Dec 1969

    0

    OR

    ...or perhaps there is an 'evil' plot to open up PCs even further to attack so that iPod buyers get fed up and migrate over to Mac OS.

    But then why disclose the info? jk

  1. FastAMX79

    Joined: Dec 1969

    0

    i bet...

    it was someone's last day and they said "wouldn't it be funny if I..."

  1. climacs

    Joined: Dec 1969

    0

    slam

    "As you might imagine, we are upset at Windows for not being more hardy against such viruses"

    heh!

  1. himself

    Joined: Dec 1969

    0

    I call this...

    ...the Zune marketing strategy. Microsoft did it!!!

  1. climacs

    Joined: Dec 1969

    0

    how it happened

    I can't imagine those production line PCs would be online. Someone probably brought an infected disk or other media from home and used it on the computer.

  1. testudo

    Joined: Dec 1969

    0

    Re: slam

    "As you might imagine, we are upset at Windows for not being more hardy against such viruses"

    First, Greg, it's a worm, not a virus.

    Second, what world have you been living in to think that Windows is more virus-resistant than it really is (i.e. not at all)? Maybe you should watch your own commercials touting how Windows are always infected.

    Third, what does this say about the state of Apple's Windows software? Do they not concern themselves with viruses and the like, and are therefore prone to be susceptible? Is this just one guy trying to deflect the blame onto MS (h***, you might as well also blame A-Rod for the troubles!)?

    Although, on the plus side (I guess), it appears that this worm infects external media, and is not an iPod virus per se. Although it would be better if Apple had machines that weren't infected.

  1. JoeE

    Joined: Dec 1969

    0

    Here we go again...

    Mr. Joswiak speaking to the general public: "It appears this virus propagates to a PC when an iPod containing the virus is double-clicked in Windows Explorer. Technically it's a worm. It does not spread through a network."

    In reference to the infected RavMonE.exe file, which in actuality is a Trojan horse, he uses the word "propagates" to help justify the malware as being a worm. Unfortunately, he further contradicts himself that "it does not spread through a network." I have news for Greg: The reason the RavMonE.exe file does not spread through a network is that it is not a worm. The RavMonE.exe file is indeed a Trojan horse.

    RavMonE.exe is a file that originated from RAV Antivirus software. So, the Troj/Bdoor-DIJ Trojan masquerades itself as "RavMonE.exe" in an attempt to fool the user that it is part of the RAV AV software. The Trojan lies dormant on the infected iPod, and is activated once connected to a Windows PC. It traverses no network at this point.

    The infected PC will act as a proxy server, contacting a remote site to report the infection and the availability of the proxy. This is also classic Trojan behavior. Furthermore, the infected PC will not infect other Windows PCs on the network or anywhere else on the Internet. If it did, then it could be classified as a worm.



    Links: Troj/Bdoor-DIJ Trojan Summary on Sophos.com; Define Propagation Google Search; Worm defined on Viruslist.com; Trojan horse defined by Webopedia; Trojan horse defined by Wikipedia; Trojan defined by Viruslist.com

  1. JoeE

    Joined: Dec 1969

    0

    ...

    "Furthermore, the infected PC will not infect other Windows PCs on the network or anywhere else on the Internet. If it did, then it could be classified as a worm."

    To elaborate, the infected PC will not infect others simply being on a network or connected to the Internet because the malware will not traverse the network at all. It will basically serve as a "beacon" to the following URLs:

    http://natrocket.kmip.net:5288/ret[REMOVED]
    http://natrocket.kmip.net:5288/ies[REMOVED]
    http://natrocket.9966.org:5288/ies[REMOVED]
    http://scipaper.kmip.net:80/ies[REMOVED]

    Its only possible means of "spreading" is via an external drive. Antivirus companies make no note that it will spread itself via a network connection.

  1. JoeE

    Joined: Dec 1969

    0

    Clarification/Correction

    First, I must say that I stand behind the statement that the infected RavMonE.exe file, created using the py2exe tool, is still a Trojan. It masquerades itself as a legitimate file.

    Now, upon further research, I see that it may indeed copy itself to a mapped drive (aka network share). This is the only reason others may be able to classify the malware as a worm. However, I have also noticed that every site that calls it a worm uses the word "may," indicating to me that it is only a possible occurrence.
