Some iPod Players Contain A Worm That Infects Windows PCs

Apple characterized the malware as a minor threat, saying most antivirus software will detect and remove it. However, the worm afforded Apple the opportunity to fire off yet another criticism of Windows security.

Gregg Keizer, Contributor

October 18, 2006

2 Min Read

Less than a week before the fifth anniversary of its iPod, Apple Computer on Tuesday warned that some of its recently-shipped music players contained a worm that infected Windows PCs.

According to a notice posted on its support site, Apple said that a small number of Video iPods made after Sept. 12 harbored a worm that slipped onto at least 25 PCs. Although Apple identified the malware as RavMonE.exe, several security companies said the Cupertino, Calif. computer maker had it wrong.

"RavMonE.exe actually comes from a perfectly legitimate program called RAV Anti-Virus so it would be wrong to call a piece of malware by this name," said Graham Cluley, senior technology consultant at U.K.-based security firm Sophos. "Hackers sometimes spoof the names of legitimate programs to cause greater confusion." Both Sophos and rival McAfee said that they suspected the malware was from the RJump worm family.

Apple downplayed the threat to iPod users. "A small number, less then one percent, of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the virus. This known virus affects only Windows computers, and up-to-date anti-virus software which is included with most Windows computers should detect and remove it."

The company took another, more direct shot at Windows, which it has lambasted in a series of high-profile television ads. "As you might imagine, we are upset at Windows for not being more hardy against such viruses," Apple said.

Ironically, an exchange last month on Apple's own discussion forums dealt with an iPod and suspected malware. "Can the iPod be infected by a virus?" asked a Windows user identified as "eculor." From "KoDor," a Mac user, came the reply: "noif you have one, yours would be the first."

The iPod incident is the second this week involving malicious code found on a music player. In Japan, fast food chain McDonalds recalled more than 10,000 MP3 players that had been given as contest prizes, but which also were infected with the QQPass Trojan horse.

McAfee has updated its free Stinger malware detector and destroyer to include signatures for both RJump and QQPass.

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights