What's playing on an iPod near you? Apple and the Windows worm

The news that Apple shipped iPods containing malware came as a bit of a surprise yesterday.  After all, you expect a company like Apple to have plenty of safeguards and checks and balances in place to prevent this kind of thing happening.  The truth is however that a chain is only as strong as its weakest link and putting your trust in someone else's chain is rarely a good idea.

First, some information.  The malware shipped by Apple to iPod customers is called RavMonE.exe.  It also goes by other names, for example Win32.RJump.a, Backdoor.Rajump, W32/Jisx.A.worm, WORM_SIWEOL.B, Troj/Bdoor-DIJ.  Trend Micro has a pretty good writeup of its capabilities:

This worm propagates via mapped drives. It lists all mapped drives on an affected system and drops several files in the root folder. It also propagates via removable drives such as flash disks and floppy disks.

It has backdoor capabilities. Using random ports, it connects to a remote user. Once a connection is established, the remote user issues commands on the affected system.

This malware made its way onto Video iPods available for purchase after September 12, 2006.  If you bought a Video iPod after that date, there is, according to Apple, a "less than 1%" chance that your iPod is home to the malware.  Apple is playing the numbers game here and attempting to minimize the scale of the problem.  If you play the lottery or have ever gambled at a casino then you obviously believe that odds far lower than 1 in 100 are significant enough to bet money on.  The iPod nano, iPod shuffle and Mac OS X users are not affected, and all Video iPods now shipping are virus free.  With 8 million iPods shifted by Apple in the third quarter, less than 1% starts to mount up.

Apple then goes on to take a cheap shot at Microsoft:

As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.

I don't know.  Some people think that is cute or funny, but really it's another marketing trick, this time called reframing.  You take the situation you are in and try to deflect the problem onto someone else.  If Apple doesn't want to do business with Windows users then there's a very easy way that it could do that - withdraw support in iTunes for Windows.  While the company continues to want to do business with Windows users they have a duty to treat this issue seriously.  That statement proves to me that Apple aren't taking security seriously and have little respect for their customers who choose to use the Windows platform.  It shows yet another serious crack in the Apple manufacturing process ... but that's another story entirely.

Apple have been economical with information about this issue but it seems to me that this malware is triggered as soon as the device is connected to a PC as long as AutoPlay is enabled on the system for that drive.  Most users have this enabled by default in Windows because it is seen as a convenient system mechanism - but it's open to abuse.  Because of that it's a good idea to disable AutoPlay and AutoRun because that puts you in the driving seat and allows you to control what is run and when.  For information on how to disable this in Windows XP, check out this post.

If you are worried that your iPod is playing host to this nasty malware, McAfee have released a new version of their Stinger removal tool.  McAfee Stinger is a free standalone utility tool that can detect and remove specific viruses, including the W32/RJump.worm, also named RJump.worm and the W32/QQPass.worm, also named QQPass.worm.

This incident also highlights the importance of scanning all your devices for malware.  Just because a device has come from Apple or Microsoft or any of the other big names doesn't mean that it's clean.  Always scan new storage devices with an up-to-date antivirus solution.  Don't leave this kind of thing to chance.

Removable storage media is also a headache for businesses.  While it might be hip to allow employees to hook up their iPods or other removable media to a company PC, it's not a good idea.  Not only are they a vector for malware, but they can allow data to leak out of the company.  It's one of those things where you have to weigh the risks against the benefits (almost always the risks outweigh any possible benefits).

Talkback

15 comments
  • This is Anti-Apple slant

    The iPods are manufactured in the far east by a subcontractor. The
    virus was passed on from one of their PCs in the assembly line.
    How you can translate that incident into Apple generally not taking
    security seriously is beyond me!

    This is potentially a serious threat to Apple's iPod sales. What you
    are in fact saying is that they are not taking their own business
    seriously. Do you really believe that they are that stupid?
    lars_petsen@...
    • No, they aren't taking security seriously ...

      Instead of:

      - Releasing a fix tool
      - Being more open about the problem (numbers, serial number ranges)
      - Being clear about the malware involved

      Apple instead chooses to:

      - Minimize the problem
      - Link to a random set of online tools
      - Take a cheap shot at Windows users

      It's Apple's name on the product, the buck stops with them. Mistakes happen, but in cleaning this one up the company demonstrated little class and chose to try to weasel out of the problem.
      Adrian Kingsley-Hughes
      • Perspective

        These folks who "don't take security seriously" have protected
        their users from remote attacks and spyware for well over 5
        years by implementing a true multi user system. Those users
        include me. What have you done for me lately Adrian? This
        warning that Apple is arrogant? Well that's a help I guess,
        Thanks.

        I'd suggest that you stay well away from this kind of arrogance
        and refuse to purchase Apple products as a matter of principle.
        Your alternatives are Linux and Windows.
        Harry Bardal
        • I don't purchase Apple products ...

          ... out of principle.

          Why?

          - Style over function (a route Microsoft is taking with Vista)
          - Lack of concern for the environment
          - Overpriced
          - Arrogant attitude towards anyone who doesn't follow the "cult of Mac"

          Oh, and to answer "What have you done for me lately Adrian?"

          Gave you some free insight and thoughts and invited you to comment. Didn't cost you a dime. Whether you agree with me or not is fine by me. Take it or leave it.
          Adrian Kingsley-Hughes
        • What has protected Apple users is a small market share

          "These folks who "don't take security seriously" have protected their users from remote attacks and spyware for well over 5 years by implementing a true multi user system."

          What has given Apple the upper hand in security is nothing more than a small market share.
          Adrian Kingsley-Hughes
    • And which part of it is wrong?

      As Adrian points out, companies are responsible for the work performed on their behalf by subcontractors. If Apple doesn't think that the subcontractor is doing the job right, the subcontractor can and should be fired.

      Arguably, Apple has decided that the cost savings from cheap labor outweigh the security risks.

      Allegations of bias in news reports and commentary are almost always a cop-out (just as much as they were back in the 70's when Spiro Agnew made them). If you think the report is wrong or incomplete, then say so and say why. Otherwise, there's really no reason why anyone should listen to you.

      Note that paid propaganda disguised as research or news is an entirely different issue, but I know of nothing that suggests that Adrian engages in it. Indeed, he deviates from the MS party line far too often for me to believe that he's biased in favor of MS, much less that he propagandizes for them.
      John L. Ries
      • Technologist's Report on Attitude

        The report is not wrong, nor is it incomplete. It simply sets a
        puerile agenda and lacks perspective. The vendor that has
        provided its users the best security record has been accused of
        not caring about security. Could I get some more whipped cream
        on that pie? This is a technologist's take on Apple's attitude. As
        such, it's a waste of time. I hope some righteous indignation is
        left over for the substantive consequences of a real security
        issue. You know, the ones that have been measured in billions.

        Apple users may indeed be complacent, but the record and the
        accusations are worlds apart. At the end of the day, Adrian isn't
        the guy who gets to lecture me about my computer's security.
        Not even close. I'll take Apple's arrogance over Adrian's any day.
        Harry Bardal
        • Each to his/her own

          "The vendor that has provided its users the best security record has been accused of not caring about security."

          "Not even close. I'll take Apple's arrogance over Adrian's any day."

          Why do you feel the need to vigorously defend a multi-billion dollar company over such a sloppy action?

          Apple care about profits. Period. For fear of denting investor confidence Apple refused to clear up the point of how many iPods were affected by this worm or to release serial number ranges.

          Every tech company does. If you believe that Apple has your security best interests at heart then you are seriously misguided.
          Adrian Kingsley-Hughes
    • The Problem is in Apple's Response

      The point of the article isn't that this particular situation is necessarily a major threat (less than 1%, etc.). The point is that Apple is managing the situation poorly. Rather than taking responsibility for their product's problem, Apple has engaged in buck-passing and dodging of the issue. Problems (of any kind) need to be faced constructively, instead of putting off solutions in favor of rhetoric.

      A good example of this was Sony's handling of its disastrous lithium-ion power cell fiasco. Sony is eating up the direct costs of battery replacement and has admitted that it is their manufacturing process that created the problem. Of course, they may yet get a lower grade depending on how long it turns out that they were aware of the problem, but for now I'll give them the benefit of the doubt (innocent until proven guilty, right?).

      A bad example of problem-solving would be the US government's efforts at Social Security reform (or the "War on Terror," or the situation in Iraq, or just about anything government does, for that matter). Rather than taking constructive steps to solve problems, politicians would rather spend their time placing blame and pointing fingers (particularly in Congress - is it just me or are "Congressional Hearings" totally wrong? Dragging people out and grilling them when representatives have no business doing that sort of thing - that's why we have courts, isn't it?).

      Okay, so more than enough ranting from me, but I hope you get the point. By the way, I have two Macs at home, so don't think I'm saying this for the sake of Microsoft.
      multanihl
      • Apple's Response

        Apple expressed regret over the incident, said it will be fixed,
        and made users aware the problem was germane to Windows
        and did not affect Mac. The message had a conversational tone.

        This isn't about "arrogance" because it wasn't arrogant. This is
        about Apple sales up 30%, Apple eating Dell's lunch, Apple
        running rings technologically, and Apple's exemplary security
        record over the last 5 years. Last but not least, this is about the
        fact that Apple doesn't owe a living to the millions of limpets
        clinging to the Windows ecosystem.

        For the sake of comparison, the preceding passage was, in fact,
        arrogant.
        Harry Bardal
        • sorry 'bout that

          Didn't mean to come off as arrogant there - I've got to work on my writing style or something.

          On a lighter note, does anyone else think it's funny that the particular piece of malware was a worm?

          Worm + Apple = Funny(?)
          multanihl
        • Rewind

          "Apple doesn't owe a living to the millions of limpets clinging to the Windows ecosystem."

          Where would the iPod be if it didn't support Windows? Let me tell you where - history.
          Adrian Kingsley-Hughes
    • Nothing is a threat to iPod sales

      "This is potentially a serious threat to Apple's iPod sales"

      Nah, won't make a jot of difference.
      Adrian Kingsley-Hughes
  • Yup - Apple is in the wrong here

    Yes - they should have cleaned it up in the process with better checking. Yes they should have ditched the smug comment about Windows. They did not and they were wrong in their actions.

    That said then... no more period. Rather than counter point with other items (real or imagined misdeeds by MS) I chose to drop this, as I hope the rest of the folks do. I am glad we were informed that this occurred and folks that bought this product have the opportunity to fix something that can cause their systems harm.

    Can we read more about hardware now?
    Jim888
  • Apple's iMedia business model: All C.R.A.P.

    Apple's determined to hijack control of digital media and i-brand it using any means necessary. Now they have to face stiff competition from Sony Music's DRM rootkits. ]:)
    Mr. Roboto