March 9, 2010

Energizer Device Opens Door For Hackers

Energizer and US-CERT have warned that software downloaded for use with the Energizer DUO USB battery charger contains a backdoor that could allow an attacker to remotely take control of a Windows-based PC.

"The installer for the Energizer Duo software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory," the U.S. Computer Emergency Readiness Team said in an advisory on Friday.

"Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp. Its capabilities include the ability to list directories, send and receive files, and execute programs."

Energizer said in a statement that the Windows software was made available through download with the Energizer Duo Charger.

The company said it is not sure how the Trojan worked its way into the software.

"Energizer has discontinued sale of this product and has removed the site to download the software," the statement said. "Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software."

US-CERT said those who installed the software should remove the Energizer Duo software and the Arucer.dll file, as well as block access to port 7777 through network perimeter devices or firewall software.
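The following script is an added example, not part of the advisory or this article: it checks a Windows host for the indicators US-CERT named (Arucer.dll in system32, UsbCharger.dll, a listener on 7777/tcp) and, with -ApplyBlock, adds the recommended host firewall block. The Program Files search and the firewall rule name are my own assumptions, since the article does not give the application's install directory.

```powershell
param([switch]$ApplyBlock)   # run from an elevated PowerShell prompt

$findings = @()

# 1. File indicators named in the advisory
$arucer = Join-Path $env:SystemRoot 'System32\Arucer.dll'
if (Test-Path $arucer) { $findings += "Backdoor DLL present: $arucer" }

# The advisory only says "the application's directory", so search Program Files (assumption)
foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }) {
    Get-ChildItem -Path $root -Recurse -Filter 'UsbCharger.dll' -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Energizer Duo component present: $($_.FullName)" }
}

# 2. Processes that currently have Arucer.dll loaded (module access to some processes is denied; skip those)
Get-Process | ForEach-Object {
    try {
        if ($_.Modules.ModuleName -contains 'Arucer.dll') {
            $findings += "Arucer.dll loaded in PID $($_.Id) ($($_.ProcessName))"
        }
    } catch { }
}

# 3. A listener on 7777/tcp, the port the backdoor accepts connections on
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    Get-NetTCPConnection -LocalPort 7777 -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Listener on 7777/tcp, owning PID $($_.OwningProcess)" }
} else {
    # Older Windows without the NetTCPIP module: parse netstat output instead
    netstat -ano -p tcp | Select-String ':7777\s+\S+\s+LISTENING\s+(\d+)' |
        ForEach-Object { $findings += "Listener on 7777/tcp, owning PID $($_.Matches[0].Groups[1].Value)" }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Energizer Duo / Arucer.dll indicators found.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

# 4. Optional host-level version of the advisory's perimeter advice: block inbound 7777/tcp
if ($ApplyBlock) {
    netsh advfirewall firewall add rule name=Block_Arucer_7777_tcp dir=in action=block protocol=TCP localport=7777 | Out-Null
    Write-Output 'Inbound 7777/tcp blocked on the Windows Firewall.'
}
```

A listener on 7777/tcp or a process with Arucer.dll loaded indicates the backdoor is active regardless of whether the charger is attached, so removal of the software and DLL should follow the firewall block rather than replace it.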

According to Symantec, the virus may have been in the software since it was first offered in 2007.

"We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so," Symantec wrote in a blog post.

"The Trojan still operates whether this device is found or not, so a USB charger doesn't need to be plugged in for the Trojan to be functioning."

Marcus Sachs, director of the SANS Internet Storm Center, told CNET that if the Trojan does date back to 2007, then that is about the same time there was a rash of products like digital photo frames hitting U.S. shelves infected with malware.

"This may simply be from that time frame when all the factories in China were not clean and many were putting malware onto stuff, not intentionally but because the hygiene wasn't good," he said in an interview on Monday.

"Who knows where the server (hosting the software) is located," he said. "It could have been exposed to the unclean conditions that were rampant there."
