Malware shipped on Apple Video iPods

Sophos Press Release

Malicious file does not affect non-Windows computers

A number of Video iPods have been shipped containing Windows malware

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded users of the necessity to scan all storage devices they attach to their computers for malware as news breaks of a number of Video iPods that have been shipped containing Windows malware.

In a statement on its website, Apple has confirmed that some Video iPods available for purchase after 12 September, 2006 left their contract manufacturer carrying a malicious file, RavMonE.exe.

Less than one percent of Video iPods shipped since 12 September are said to be affected. iPod Nanos and iPod Shuffle devices are not reported to be carrying the malicious file, which can only activate on Windows computers.

"If you have bought a Video iPod in the last month there is a chance that it could have a Windows virus on it," said Graham Cluley, senior technology consultant for Sophos. "The good news is that if you have kept your anti-virus software up-to-date then your security software should have no trouble detecting it before it can do any harm. The even better news - if you own an Apple computer at least - is that the malware only runs on Windows, not on Mac OS X."

Sophos notes that presently Apple is not displaying the correct name for the malware on its website, instead referring to it as the RavMonE.exe Windows virus.

"There are a number of different pieces of malware which use a file called RavMonE.exe so it's not a good way of specifically identifying the infection. Sophos has been detecting the malware since 30 June as Troj/Bdoor-DIJ," continued Cluley. "The name RavMonE.exe actually comes from a perfectly legitimate program called RAV Anti-Virus so it would be wrong to call a piece of malware by this name. Hackers sometimes spoof the names of legitimate programs to cause greater confusion."

Experts at Sophos recommend that any storage device which is attached to a computer is checked for virus and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users.

Earlier this week it was reported that the Japanese subsidiary of McDonald's was recalling 10,000 MP3 players it had distributed as a giveaway. The fast food giant had discovered that a spyware Trojan horse was contained on the device.

Sophos continues to recommend that computer users ensure their anti-virus software is up-to-date, and that companies protect themselves with a consolidated solution which can defend them from the threats of viruses, spyware and spam.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at