Toward the end of September 2006, Video iPod users started to report that the W32/RJump worm was showing up on their PCs after installing the iPod. The infection occurs when a removable storage device or a mapped drive hosting a copy of W32/RJump.worm is accessed and the user agrees to the AutoRun prompt to execute the worm. W32/RJump.worm creates a port exception for its backdoor component, bypassing the built-in firewall of Windows XP, by executing the following netsh command:
%Windir%\%Sysdir%\cmd.exe /c netsh firewall add portopening TCP 16942 NortonAV
Today, Apple Computer announced on their Web site that a limited number of the Video iPods sold after September 12, 2006 were infected with the RavMonE.exe virus (aka W32/RJump) at the manufacturing stage. The statement included a cheap shot at Windows for not being more “hardy against such viruses” even though Apple was the one to introduce the virus in the first place. They should own up to their mistake without trying to shift blame onto someone else. Aside from taking a swipe at Microsoft, they did little to explain how this worm got onto the iPod to begin with. Just in case they remove it from their site, here is an excerpt of their statement:
“We recently discovered that a small number – less than 1% – of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus. This known virus affects only Windows computers, and up to date anti-virus software which is included with most Windows computers should detect and remove it. So far we have seen less than 25 reports concerning this problem. The iPod nano, iPod shuffle and Mac OS X are not affected, and all Video iPods now shipping are virus free. As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.”
Because this worm propagates via mass storage devices, users who encountered this problem should scan all their removable storage devices, such as CF cards, flash drives, and removable hard drives, in addition to scanning their PCs.
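To go with the advice above, here is an added example (not from Apple's statement or any vendor tool) that reads the autorun.inf at the root of a volume and lists the programs AutoRun would offer to start, flagging RavMonE.exe. It assumes an ANSI-encoded autorun.inf; the function names autorun_targets and triage_volume and the sample volume are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program for Windows to launch.
LAUNCH_KEYS = ("open", "shellexecute")
WATCHLIST = {"ravmone.exe"}  # file name taken from the statement quoted above


def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command entries add launchers to the drive's context menu.
            is_verb = key.startswith("shell\\") and key.endswith("\\command")
            if value and (key in LAUNCH_KEYS or is_verb):
                targets.append((key, value))
    return targets


def triage_volume(root):
    """Inspect the root of one mounted volume and report what AutoRun would start."""
    findings = []
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":  # the file name is case-insensitive on Windows
            continue
        # Assumption: ANSI text; latin-1 never fails to decode.
        with open(os.path.join(root, name), "r", encoding="latin-1") as fh:
            for key, command in autorun_targets(fh.read()):
                exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
                base = exe.replace("\\", "/").rsplit("/", 1)[-1].lower()
                findings.append({"key": key, "command": command, "watchlisted": base in WATCHLIST})
    return findings


if __name__ == "__main__":
    # Constructed sample volume so the example runs offline.
    with tempfile.TemporaryDirectory() as vol:
        with open(os.path.join(vol, "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\nopen=RavMonE.exe\nicon=setup.ico\n")
        for finding in triage_volume(vol):
            print(finding)
```

Any launch entry on a device that is not supposed to carry software deserves a closer look, whether or not its file name is on the watchlist.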