In two separate incidents, digital music players have recently shipped with Windows malware payloads. I don’t even know where to begin. Mistakes happen, but this boggles the mind.
My first question is: Was this malicious or accidental? An accident is more likely preventable, while a malicious act is probably harder to block. Dabbling in computer security, I’ve always emphasized the biggest risk is internal (disgruntled employees or those on a competitor’s payroll) and have lobbied for ‘red teams’ to hash out potential vectors and strategies to minimize exposure.
It’s nice to see Apple owning up, but publicly calling out MS is somewhat unprofessional. As a Mac user (in addition to PC and Linux), I dread the day when OS X comes under attack… Apple is basically asking for it. (See Mac videos for more examples: one, two)
Apple writes: We recently discovered that a small number of the Video iPods available for purchase after September 12, 2006, left our contract manufacturer carrying the Windows RavMonE.exe virus. As you might imagine, we are upset at Windows for not being more hardy against such viruses, and even more upset with ourselves for not catching it.
Engadget writes: McDonald’s and Coca-Cola recently teamed up in Japan to give away 10,000 self-branded MP3 players pre-loaded with 10 spankin’ new tunes and… some delicious malware. It seems that a “portion” of the players sport a variant of the QQPass family of trojan horses which capture passwords and other personal information when the MP3 player is plugged into the users’ PC. The code then proceeds to email the details to the author.