Apple Computer this week reported that some of its popular Video iPod players sold since September 12 were loaded with a variant of the RJump worm. According to the official report, a small number – less than 1% – of players left Apple’s contract manufacturer carrying the RavMonE.exe file, a main and only component of the worm spreading through network shares and storage devices.
The named parasite is no harm to Apple MacOS-running systems. Only Microsoft Windows machines can be infected. To do this, the user or installed software has to execute the RavMonE.exe file, which then will run quite a dangerous payload – open a back door providing the attacker with unauthorized remote access to the compromised computer.
It should be noted that RJump is a well-known parasite discovered last summer. Most antiviruses and even anti-spyware programs provide sufficient protection against this threat. Simply executing RavMonE.exe or even accessing files on iPod would trigger a real-time monitor of installed security software.
However, a lot of Windows users do not have latest updates, and a part of them does not even have security software installed, or that software is misconfigured (background protection disabled, scanners turned off, etc.).
Assuming this, Apple’s excuse that “RavMonE.exe is a known Windows virus and up to date anti-virus software using the default settings should detect and remove it” sure is unacceptable. But the following statement is just careless and inexcusable:
As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.
It’s hardly believable, but this was taken from Apple’s official report. The company ships malware carrying devices and says that Windows is so insecure that malicious parasites can infect it!
Indeed, Apple thinks differently.