Network News

X My Profile
View More Activity

Apple Says Some iPods Shipped With Virus

Apple Computer this week warned customers that some Video iPods sold over the past five weeks were shipped with a computer virus capable of infecting computers running Microsoft Windows and exposing them to attacks by hackers.

Apple said the virus was embedded in less than 1 percent of the Video iPods available for purchase after September 12, 2006. Greg Joswiak, vice president of iPod product marketing at Apple, said the company traced the virus back to a Windows machine used to test iPod software in the manufacturing process.

Joswiak declined to say how many devices were affected, citing the potential impact on investors closely watching the company's earnings reports today. But he said Apple has corrected the problem and that all video iPods the company is currently shipping are virus-free.

The virus (more accurately, a computer worm) variously dubbed "RavMonE.exe" and "W32/Rjump.worm" by different anti-virus vendors, first surfaced in June and attempts to spread to all memory storage devices attached to an infected computer. It also opens a "back door" on infected PCs that criminals can use to gain access to the machines.

Joswiak said affected Windows users should be able to clean up the problem with up-to-date anti-virus software. Because the virus spreads to all removable media attached to an infected machine, any media inserted into the PC after the acquisition of the Video iPod should also be scanned for infection.

From Apple's advisory: "After installing an anti-virus application, you should attach your Video iPod to your Windows computer and run the anti-virus program. If your Windows system is infected with this virus, an alert will be triggered and inform you that the virus has been detected and either quarantined or removed. You should then use iTunes 7 to easily restore the software on your newly purchased Video iPod."

Apple said it has received fewer than 25 reports about the problem. But Ed Felten, director of the Center for Information Technology Policy at Princeton University, said many Windows users who have this virus on their machines may not have noticed, as it silently installs itself when the users merely plugs the device into their computer.

"This type of thing is a risk that follows from fact that these are storage devices, but also that Windows is designed to accept programs from storage devices very easily," Felten said. "Twenty-five complaints translates into who knows how many people infected."

Eric Gaertner, 19, of East Brunswick, N.J., said he noticed his Video iPod was infected on Oct. 6 when his anti-virus program threw up a warning after he plugged the week-old device into his Windows XP computer.

Gaertner said he was able to delete the virus and the three infected files it installed, but that he remains bitter about the whole ordeal.

"I paid $250 for this thing, and it's pretty ridiculous that Apple's quality control is not better than that, because a lot of people who might get an iPod probably don't have up to date anti-virus [software] installed," he said.

The iPod news comes just days after McDonald's Japan recalled MP3 players it gave away as prizes to customers after learning that the devices shipped with spyware designed to steal sensitive data that users entered at financial and e-commerce Web sites. Last year, multimedia giant Creative acknowledged that roughly 4,000 of the company's Zen Neeon MP3 players shipped with a Windows computer worm embedded inside.

One final note: I took a look this morning at the Internet servers (located in China) that the virus is designed to connect back to, but at the moment they do not appear to be online or accepting any connections.

Update, 4:11 p.m. ET: The above post was edited to include comments from an individual whose PC was infected after plugging in a brand new Video iPod.

By Brian Krebs  |  October 18, 2006; 2:18 PM ET
Categories:  Latest Warnings  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Patches Available for Bluetooth Flaw
Next: Attacks, Flaw Reports Mar IE 7 Release

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company