Apple Ships iPods with Windows Virus
By Nate Mook, BetaNews 
October 17, 2006, 3:08 PM
Apple apologized Tuesday for shipping video iPods containing the Windows
virus RavMonE.exe, which apparently made its way onto a small number of the
ubiquitous devices at a manufacturing plant. Around 1 percent of units
shipped after September 12, 2006 are affected.

RavMonE.exe is a mass storage virus that only affects Windows computers.
According to antivirus vendors, which dub the malware Win32.RJump.a and
Troj/Bdoor-DIJ, the virus is a Trojan that opens links to Web sites and
allows others access to a computer.

After installation, the Trojan contacts several remote sites to report the
infection and availability of the backdoor, according to security firm
Sophos, which rates it as a low risk infection. All up-to-date antivirus
applications should detect and remove the virus.

"So far we have seen less than 25 reports concerning this problem. The iPod
nano, iPod shuffle and Mac OS X are not affected, and all Video iPods now
shipping are virus free," Apple said in a statement on its support site.

The company also took the opportunity to blast Microsoft's Windows operating
system for not doing more to protect customers from such malware. "As you
might imagine, we are upset at Windows for not being more hardy against such
viruses, and even more upset with ourselves for not catching it," Apple

iPod owners who might be at risk from the Trojan should run antivirus
software to remove it from their computer. Customers can utilize Microsoft's
free Windows Live OneCare Safety Scanner, which works within a Web browser.

"Because this Windows virus propagates via mass storage devices, we
recommend that you scan any mass storage devices that you have recently
attached to your Windows computers such as external hard drives, digital
cameras with removable media, and USB flash drives," Apple added.

Although Mac OS X is not affected, the virus will remain on the device.
Apple notes that customers can use the "restore" feature in iTunes 7 to wipe
the iPod clean so it can be connected to Windows computers without problems
in the future.

Read About It
Information about W32/RJump.worm is located on VIL at:
Information about W32/QQPass.worm is located on the VIL at:

W32/RJump.worm was first discovered on June 20th, 2006 and detection was
added to the 4788 dat files (Release Date: June 20th, 2006).  

W32/QQPass.worm was first discovered on February 5th, 2003 and detection was
updated in the 4875 dat files (Release Date: October 17th, 2006).  
Though we consider this a low threat, AVERT has posted a Stinger utility to
assist with the repair of these threats.  The Avert Stinger utility can be
downloaded from the Threat Center at:

To stay updated and protected download the latest dat files from

If you suspect you have W32/RJump.worm or W32/QQPass.worm, please submit a
sample to

Mike Grant
Bytware, Inc.

CONFIDENTIALITY NOTICE:  This e-mail message and any attachment to this e-mail 
message contain information that may be privileged and confidential.  This 
e-mail and any attachments are intended solely for the use of the individual or 
entity named above (the recipient) and may not be forwarded to or shared with 
any third party.  If you are not the intended recipient and have received this 
e-mail in error, please notify us by return e-mail or by telephone at 
775-851-2900 and delete this message.  This notice is automatically appended to 
each e-mail message leaving Bytware, Inc.  

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.