In two separate incidents, digital music players have recently shipped with Windows malware payloads. I don’t even know where to begin. Mistakes happen, but this boggles the mind.
My first question is: Was this malicious or accidental? An accident is more likely preventable, while a malicious act is probably harder to block. Dabbling in computer security, I’ve always emphasized the biggest risk is internal (disgruntled employees or those on a competitor’s payroll) and have lobbied for ‘red teams’ to hash out potential vectors and strategies to minimize exposure.
It’s nice to see Apple owning up, but publicly calling out MS is somewhat unprofessional. As a Mac user (in addition to PC and Linux), I dread the day when OS X comes under attack… Apple is basically asking for it. (See Mac videos for more examples: one, two)
Apple writes: We recently discovered that a small number of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus. As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.
Engadget writes: McDonald’s and Coca-Cola recently teamed up in Japan to give away 10,000 self-branded MP3 players pre-loaded with 10 spankin’ new tunes and… some delicious malware. It seems that a “portion” of the players sport a variant of the QQPass family of trojan horses which capture passwords and other personal information when the MP3 player is plugged into the users’ PC. The code then proceeds to email the details to the author.
FWIW, the jab at MS came in a blog, not the official announcement. The virus was introduced by a manufacturer to which Apple outsources its iPod production. I have read that some say it was a Chinese company. Pretty sure it was not malicious, but it does tell you something about quality control.
(You need trackbacks, chump!)
The jab is posted directly on Apple’s support page…
I turned off trackbacks months ago after tons of trackback spam/abuse. But we aim to please here at ZNF, and I’ve just turned them back on (with protection in place).
Wow, it is right there on the support page! As you might imagine, I am upset at ZatzNotFunny for not being more hardy against such wrong posts and even more upset with myself for not catching it.