Energizer Duo battery charger hides a Trojan

(PhysOrg.com) -- The Energizer Duo USB battery charger has been hiding a backdoor Trojan in its software that affects computers using Windows. According to Symantec the Trojan has probably been there since 10th May 2007.

Energizer has now taken the software for the model CHUSB charger off the market and removed the site from which it could be downloaded, and the company is asking customers who downloaded the Windows version to uninstall it. There are easy steps to fight the Trojan in affected machines, and Macintosh users are not affected.

Symantec’s Director of Global Intelligence, Dean Turner, said it’s impossible to be certain the Trojan has always been in the software that monitors the Duo USB charger, but the Trojan’s binary header states it was created in May 2007. It is not known how the Trojan came to be in the software, but malware has previously been found to be hidden inside products. Energizer is working with the US Computer Emergency Readiness Team (US-CERT) and the US government to try to find out how the code found its way into the software.

The Trojan allows an attacker to operate with the same privileges as the user who is logged in, and to remotely control the system via connections on 7777/tcp to send and receive files, run programs, and list the contents of directories.

US-CERT advises that to fix the problem, users can delete the Arucer.dll file from the Windows system32 directory, and then restart the system. An alternative fix is to remove the USB charger software. The Trojan Arucer.dll file will still be present but the code cannot be executed in the absence of the charger software. It is also advisable to block access to port 7777 using a firewall or via network perimeter devices.

Energizer’s Duo USB battery chargers have been available in the US, Europe, Asia, and Latin America since 2007. They allow computer users to recharge the Nickel Metal Hydride (NiMH) batteries either from a wall outlet or a USB connection. It also enabled the user to monitor the status of charging on the PC.

Explore further: First Look: New Xbox elegant, but much unknown

First Look: New Xbox elegant, but much unknown

Will gamers want One? After four years of development, Microsoft unveiled the Xbox One entertainment console and touted it as an all-in-one solution for playing games, watching TV and doing everything in ...

Microsoft touts Xbox One as all-in-one entertainment (Update 4)

Microsoft thinks it has the one. The company unveiled the Xbox One, an entertainment console that wants to be the one system households will need for games, television, movies and other entertainment. It ...

Expectations high for next Xbox

It's almost time for a new Xbox. Eight years have passed since Microsoft unveiled the Xbox 360, double the amount of time between the original Xbox debut in 2001 and its high-definition successor's launch ...

Congress gets mixed advice on regulating drones

(AP)—The growing use of unmanned surveillance "eyes in the sky" aircraft raises a thicket of privacy concerns, but the U.S. Congress is getting mixed advice on what, if anything, to do about it.

The new consoles from Microsoft, Nintendo and Sony

Microsoft is the last of the three big video game console makers to unveil its latest gaming system. Tuesday's unveiling comes nearly eight years after the Xbox 360 went on sale. It follows last fall's de ...

Physics of 'green waves' could make city traffic flow more smoothly

(Phys.org) —If you've been lucky enough to catch all the green lights as you drive down a busy street, you may have been benefiting from intentional synchronization called a "green wave." The green wave ...

Researchers explain magnetic field misbehavior in solar flares

When a solar flare filled with charged particles erupts from the sun, its magnetic fields sometime break a widely accepted rule of physics. The flux-freezing theorem dictates that the magnetic lines of force ...

Transparent electrode innovation could bring flexible solar cells, transistors, displays

(Phys.org) —Researchers have created a new type of transparent electrode that might find uses in solar cells, flexible displays for computers and consumer electronics and future "optoelectronic" circuits ...

Fragile mega-galaxy is missing link in history of cosmos

Two hungry young galaxies that collided 11 billion years ago are rapidly forming a massive galaxy about 10 times the size of the Milky Way, according to UC Irvine-led research published Wednesday in the journal ...

Theorists weigh in on where to hunt dark matter

(Phys.org) —Now that it looks like the hunt for the Higgs boson is over, particles of dark matter are at the top of the physics "Most Wanted" list. Dozens of experiments have been searching for them, but ...

Nik_2213

not rated yet Mar 09, 2010

What has the world come to when you can't even trust a lowly wall-wart ??

( Metaphorically speaking ;-)

Royale

3.8 / 5 (4) Mar 09, 2010

can anyone say foreign nations are prepping for a cyber war a lot more than we are? where was the program written, where was the hardware made? we need to start acting and stop reacting.

fuzz54

If you have a proper firewall running then it would block the trojan or the charger software from accessing the internet. With that being said, most people don't have a proper firewall running.

Skeptic_Heretic

5 / 5 (1) Mar 09, 2010

When I first read this I was thinking more along the lines of "for those surprise encounters, a hidden trojan compartment".

I laughed, then I read the article. Who really uses a monitor program for a USB battery charger? It's 24 hours for a charge, so said the manual.

Most firewalls stop uninitiated incomming connections and ignore outgoing connections by default. Unless you've spent ten thousand on a hardware appliance, you're just as unprotected as those you look down on.

Probably not energizer as a company, but for their outsourced developers looking to make some extra money the motive is right there.

More news stories