Sunday, December 17, 2006

Introduction to How can a Windows virus end up on an iPod?

It seems that iPod has run into a bit of a snag regarding its Windows support, considered by many in the industry to be crucial to the iPod's near-complete dominance in the portable media player market. One might think that because iPods are Apple devices, they're not susceptible to the viruses that plague Microsoft's Windows operating system. Apparently, not so. If you bought an iPod video between September 12, 2006 and October 18, 2006, there is, according to Apple, a 1 percent chance it contains a worm called RavMonE.exe. The worm is of the sort that opens a "back door" on a PC so that a remote user can start controlling the infected computer. The iPod shuffles and iPod nanos shipped after September 12 are not infected with the malware; the worm does nothing to harm the iPod device itself; and people who only connect the iPod video to a Mac running Mac OS X will never activate the worm. The malware is in the Windows-support programs that live on the iPod.
The worm jumps into action when you connect an infected iPod video to a machine running Windows that is set to automatically run iPod applications when it detects a connected iPod. So the easiest way to make sure your PC doesn't get infected is simply to disable the autorun/autoplay capabilities in your iTunes interface. That way, you'll be prompted to approve each application the iPod software wants to run. If your computer asks you to run something called RavMonE.exe, also known as Win32.RJump.a, Troj/Bdoor-DIJ, WORM_SIWEOL.B, Backdoor.Rajump and numerous other names, just say no. In fact, it's probably best to put e-mail rules into effect and just say no to running anything that looks unfamiliar.
So how does this type of thing happen? Apple Vice President Greg Joswiak explains in a CIO Tech Informer article:
As you’re probably aware, the majority of iPod sales are made to Windows users, so we have some Windows terminals on our production line. We discovered that one of these computers was propagating this virus. The machine that was doing the infecting was apparently the last Windows machine on that particular production line -- the quality-control computer. If you do end up connecting an infected iPod to your PC, your anti-virus software should be able to detect it, so hopefully you won't get infected. If you do get infected, running a standard virus-detection-and-removal program should be able to clean your machine. Splotlighting News recommends that all Windows users who have connected a potentially infected iPod to their machine run one of these:
Microsoft Live OneCare Safety Scanner Microsoft Live OneCare McAfee Symantec Norton Anti-Virus Apple says that all iPods shipped as of October 18, 2006, are free of malware.

No comments: