iPods and Worms

Stephen DeAngelis

October 19, 2006

Despite Apple’s clever television commercials that tout the security of its computers, not all Apple products are immune to the nefarious challenges facing IT users. Brian Krebs, reporting in the Washington Post, examines a “worm” infecting some iPods during production [“IPods Carry Worms Windows Computers,” 19 Oct 2006]. You knew it wouldn’t be long before someone tried to attack the ubiquitous music player.

For more than a month, some iPod music players have spread a computer worm to Windows computers and external drives connected to those computers, leaving them vulnerable to attacks from hackers. The worm, which has been traced to a Windows computer used to test iPod software during manufacturing, affected less than 1 percent of the devices available for purchase after Sept. 12, said Greg Joswiak, Apple Computer Inc’s vice president of iPod product marketing. It affected only computers running the Microsoft Windows operating system.

Although there have been only 25 reported problems, the infection is probably much wider because most individuals with infected computers don’t know it.

Edward W. Felten, director of the Center for Information Technology Policy at Princeton University, said many Windows users may not know that their computers are compromised because the worm installs itself when infected iPods are connected to computers. “This type of thing is a risk that follows from the fact that these are storage devices, but also that Windows is designed to accept programs from storage devices very easily,” Felten said. “Twenty-five complaints translates into who knows how many people infected.”

The worm, described below, opens a vulnerability that can turn a computer into a Zombie, a computer connected to the Internet that has had its security compromised. Zombies can be used for all sorts of malicious activities and their owners are generally clueless that such activity is taking place.

The worm goes by two names — RavMonE.exe and W32/Rjump.worm — and spreads to all storage devices connected to infected computers. It also opens a “backdoor” that can be used to gain access to the machines. Apple did not recall infected iPods. The company said Windows users should be able to clean up the problem with up-to-date anti-virus software. Users should also scan removable storage devices that may have been connected to infected computers.

Since iPods are being used for much more these days than just listening to music (Duke provides iPods to all incoming freshmen so that they can use them to tape lectures, etc.), it won’t be long until somebody discovers a way to infect many more of them. The reason that Macs have been safe in the past is that their operating system is not as prevalent as Windows. Therefore, it’s not as lucrative a target as Windows. That may change a bit. Early reviews of the new Microsoft Vista operating system have been so bad that I’ve read predictions that once it is released Apple’s share of the market will double. Microsoft just announced that it will relent to the complaints of security software companies and make it easier for them to develop programs for Vista.

You know you are part of the information age if cyber security ranks as high as personal and infrastructure security in your personal or corporate life. Resilient companies understand that all vulnerabilities need to be examined and addressed. Nearly two-thirds of all companies connected to the Web experience some sort of cyber attack, including worms, viruses, and Trojan Horses. Many of these are backdoor attacks using code similar to that infecting the iPods discussed above. The costs for protecting against such attacks can be enormous — the costs of failing to protect one’s systems can be even higher. In an earlier blog [China & Cyberspace Threats], I discussed how the Department of Commerce had to replace all of its computers and disconnect most of them from the Internet in order to overcome the effects of a cyber attack. Welcome to the information age.