Some Video iPods Carry Windows Virus

Apple Computer (Nasdaq: AAPL) has confirmed that some Video iPods available for purchase after September 12, 2006, left their contract manufacturer carrying a malicious file called "RavMonE.exe."

Less than 1 percent of all Video iPods shipped since September 12 were infected with the malware -- which only functions on Windows computers -- and neither the iPod nano nor the iPod shuttle were affected, according to the company.

Apple claims to have received no more than 25 complaints regarding the malware infection to date, and says all Video iPods presently shipping are virus-free.

Infected Test PC Suspected

"It's most likely that some of the Video iPods were plugged into a Windows PC for testing purposes at Apple's Chinese-based contractor's manufacturing plant, which is why only some of them are infected rather than all," said Graham Cluley, senior technology consultant for IT security firm Sophos. "However, unfortunately, if you have bought a Video iPod in the last month, there is a chance that it could have a Windows virus on it."

Cluley confirmed Apple's statement, however, that most up-to-date date antivirus software packages for Windows should be able to detect the RavMonE virus and remove it. The "even better news," Cluley added, is that the virus doesn't run on Mac OS X, so owners of Mac computers running the OS need not be concerned.

While Apple refers to the malware code as the "RavMonE.exe Windows virus," it is likely a member of the RJump virus family, said Cluley.

"There are a number of different pieces of malware which use a file called 'RavMonE.exe,' and so we don't know at the moment precisely which Trojan horse or virus may have been shipped," he explained. "The name 'RavMonE.exe' actually comes from a perfectly legitimate program called 'RAV Anti-Virus,' so it would be wrong to call a piece of malware by this name. Hackers sometimes spoof the names of legitimate programs to cause greater confusion."

Instructions for Removal

Apple provides instructions on its Web site for removing the virus for users who don't presently have antivirus software, as well as links to antivirus providers offering free 30-day trials of their products.

Since the Windows virus propagates via mass storage devices, Apple recommends that users should scan any such components they may have recently attached to Windows computers, such as external hard drives, digital cameras with removable media, and USB flash drives.