IPods Carry Worm to Windows Computers
Apple Says Devices Were Infected During Tests; Anti-Virus Programs Can Fix Problem

By Brian Krebs
Special to the Washington Post
Thursday, October 19, 2006

For more than a month, some iPod music players have spread a computer worm to Windows computers and external drives connected to those computers, leaving them vulnerable to attacks from hackers.

The worm, which has been traced to a Windows computer used to test iPod software during manufacturing, affected less than 1 percent of the devices available for purchase after Sept. 12, said Greg Joswiak, Apple Computer Inc's vice president of iPod product marketing. It affected only computers running the Microsoft Windows operating system.

The problem has been fixed, Joswiak said. He would not say how many devices were affected. Apple has received fewer than 25 reports of the problem, he said.

Edward W. Felten, director of the Center for Information Technology Policy at Princeton University, said many Windows users may not know that their computers are compromised because the worm installs itself when infected iPods are connected to computers.

"This type of thing is a risk that follows from the fact that these are storage devices, but also that Windows is designed to accept programs from storage devices very easily," Felten said. "Twenty-five complaints translates into who knows how many people infected."

The worm goes by two names -- RavMonE.exe and W32/Rjump.worm -- and spreads to all storage devices connected to infected computers. It also opens a "backdoor" that can be used to gain access to the machines.

Apple did not recall infected iPods. The company said Windows users should be able to clean up the problem with up-to-date anti-virus software. Users should also scan removable storage devices that may have been connected to infected computers.

View all comments that have been posted about this article.

© 2006 The Washington Post Company