Broadband Tech > Security > Security > Energizer Bunny's software infects PCs

Energizer Bunny's software infects PCs

USB battery recharger status software contains Trojan, says US-CERT
By Gregg Keizer
March 7, 2010 10:17 PM ET

Computerworld - The Energizer Bunny infects PCs with backdoor malware, the Department of Homeland Security's US-CERT said Friday.

According to researchers at US-CERT (United States Computer Emergency Readiness Team), software that accompanies the Energizer DUO USB battery charger contains a Trojan horse that gives hackers total access to a Windows PC.

The Energizer DUO, a USB-powered nickel-metal hydride battery recharger, has been discontinued, said Energizer Holdings, which late Friday confirmed that the software contains malicious code. The company has not said how the Trojan made its way into the software, however. "Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software," Energizer said in a statement.

Energizer's DUO was sold in the U.S., Latin America, Europe and Asia starting in 2007.

The Windows software included with the charger is designed to show battery-charging status. When the software is installed, it creates the file "Arucer.dll," which is actually a Trojan that listens for commands on TCP port 7777. Upon instructions, the Trojan can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.

US-CERT urged users who had installed the Energizer software to uninstall it, which disables the automatic execution of the Trojan. Alternately, users can remove the Arucer.dll from Windows' "system32" directory, then reboot the machine.

Both US-CERT and Symantec have published advisories about the Trojan.

Energizer said it has removed the software from its download site, and added that although it had offered similar software for Mac OS X, only the Windows version had been infected.

This isn't the first time that a hardware company has planted malware on unsuspecting customers' PCs. In 2007, Seagate Technology admitted that an unknown number of its hard drives left an Asian manufacturing plant with Trojan horses, while the year before that Apple warned iPod owners that some of the music players carried a Windows virus.

In early 2008, electronic retailer Best Buy confirmed it had sold digital picture frames with attack code that spread to connected PCs.

The virus that keeps on going.

Arucer.dll has been loaded in this since 2008 and at the same time in 08 best buy was selling a digital picture frame with a trojan. It makes you wonder if this was another product manufactured in china or was someone wanting to find out other company secrets.

You can make a grid of spying on your own with a few easy steps and none will be aware until a much later date. The cpu usage should have been a dead giveaway concerning the above.

reply to CovMac
Let me guess...made in China?

Considering how much we farm out to them, yet claim to be nearly enemies ideologically, why the hell wouldn't they slip some spyware in when they have the chance?

It's geopolitical/corporate cyberwarfare.

Doh.
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages

reply to CovMac
US-Cert advisory here;

»www.kb.cert.org/vuls/id/154421

reply to CovMac
Wonder if this is one of those programs that suggests disabling your Antivirus for installation.

reply to CovMac
Ah, I was right....

The file details for Arucer.dll are:
 
--a-- W32i   DLL CHS         1.0.0.1 shp     28,672 05-10-2007 arucer.dll
        Language        0x0804 (Chinese (PRC))
 
 

reply to CovMac
See also »www.symantec.com/connect/blogs/b···software

reply to CovMac
Already in the System Lookup database

More:
»www.symantec.com/business/securi···&tabid=2
--
siljaline

Support your local NGO

reply to CovMac
Quite sad.........

Seemes its getting harder and harder to trust new things!!

reply to CovMac
Just another reason to not only run a resident A/V but to scan everything before an install!

reply to CovMac
Energizer has to find out exactly how this happened.

They must be able to trace who wrote, and had access to the code etc. Then heads must roll and be exposed very publically.

If we get many more of these events, i wouldn't be at all surprised if decent companies move their business elsewhere, and so they should. China ain't gonna like that, so they'd better get their act cleaned up asap.

First it was tainted children's toys, then tainted food, now tainted program code. What next? Processors that intentionally send your private data to China?

Honestly, I don't know why we continue to do business with China when so far they have provided us nothing but reasons to not trust them.
--
Tom
Darkscribes, Home of Anime and SciFi Fanfiction and Original works of Fiction.

reply to Rebirth
The Enengizer Bunny corporate office appears to want to come clean. as it where.

quote:

---

ST. LOUIS, March 5, 2010 /PRNewswire via COMTEX/ -- Energizer has been informed by the CERT Coordination Center (CERT) that the Windows software that was referenced and made available via a download with its Duo Charger, Model CHUSB, contains a vulnerability. Energizer introduced the Duo Charger in the United States and the USB Charger in Latin America, Europe and Asia in 2007. Both products charge Nickel Metal Hydride batteries from both a wall outlet and a USB connection. The product included a feature that would allow the user to view the battery charging status on a computer if associated software was installed. The Duo Charger product documentation referenced www.energizer.com/usbcharger to download the software. The site offered downloadable software in both Windows and Apple(R) versions; however only the Windows version contained the vulnerability.
Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer. This will eliminate the vulnerability. In addition CERT and Energizer recommend that users remove a file that may remain after the software has been removed. The file name is Arucer.dll, which can be found in the Window system32 directory.

---

reply to CovMac
Just think of all the appliances you might connect to your computer via a USB port.

MP3 players, digital cameras, memory sticks, cell phones, kindles and their competitors, all with memory and most with software. Probably all manufactured in Asia. The Chinese probably trying to infect them all.

What about graphic cards, sound cards, modems, or even hard drives and motherboards themselves. I think every piece of computer hardware that I have ever bought has been made in Asia. The espionage possibilities seem endless. Why didn't we think of that, or maybe we have? I wonder if the CIA could be a silent partner with some hardware manufacturers?

reply to trparky

reply to Dude111

reply to trparky

Ya, and they are gonna 'own' us more than just in the cyber realms way or another if we ain't careful...

»en.wikipedia.org/wiki/United_Sta···wnership

"in May 2009, the US owed China $772 billion."

Now, as of Dec. 2009:

quote:

---

Following the $6.4 billion U.S. arms sale to Taiwan in January, some members of the Chinese military have advocated using China's considerable U.S. Treasury bond holdings as a weapon to retaliate against America. In a recent article in Chinese magazine Outlook Weekly, senior army officers at China's military university called for a stern response to the arms sale, stating that "we could sanction [the U.S.] using economic means, such as dumping some U.S. government bonds."

---

caffeinator , the only thing that's protecting us from China performing a "credit call" on the United States is the fact that they would get nothing in return, it would instantly crash our economy, and their (China's) economy would be royally screwed in the process as well.

In other words, we would both be screwed in the end and China's leaders know that. They'd be stupid if they did that.
--
Tom
Darkscribes, Home of Anime and SciFi Fanfiction and Original works of Fiction.

reply to siljaline
From: The Register

Energizer site still plagued by data-stealing trojan

quote:

---

The maker of Energizer brand batteries is continuing to serve its customers a file laced with a data-stealing trojan more than 24 hours after the company was notified of the threat and almost two weeks after it promised to fix the problem.

A spokeswoman for Energizer Holdings acknowledged receiving a voicemail Wednesday night informing her the trojan was being offered for download on one of the company's European websites. She said she didn't respond to the message because of the late hour at which it was left, and never saw an article reporting that two anti-virus firms had confirmed the site continued to offer the toxic file 12 days after the company promised to stamp it out.

"More than half the time I call a reporter back, the story's already run," she told The Register on Thursday afternoon. "I find it a little odd that someone would call someone at 9:30 at night. That is not within normal business hours."

When The Reg directed the spokeswoman to the precise page where the offending UsbCharger_setup_V1_1_1.exe file is being served, she said: "I can assure you it will be taken down immediately."

---