March 25, 2010

Energizer Duo USB Charger: Backdoor Trojan Issue

Can a battery charger present a security risk to your computer? You bet it can. Not the charger itself, of course, but the free software that comes with it. US-CERT (the United States Computer Emergency Readiness Team, which is part of the Department of Homeland Security) has just issued a Vulnerability Note stating that "Energizer DUO USB battery charger software allows unauthorized remote system access".

For reference, Energizer Holdings, Inc. is one of the world's largest manufacturers of batteries, battery-powered devices and flashlights. Chances are your portable player uses their batteries. In 2007, Energizer introduced the Duo USB Charger, which can charge Nickel Metal Hydride batteries from a USB port. It came with optional downloadable software that let you view the battery charging status. It has now been found that this software included a file, Arucer.dll, which is a backdoor Trojan that allows unauthorized remote access to your computer. According to Symantec, this Trojan operates with the privileges of the logged-on user, listens for commands from anyone who connects, and can perform various actions, such as the following:
• Download a file
• Execute a file
• Send a directory listing to the remote attacker
• Send files to the remote attacker
• Modify the registry

The solutions recommended by US-CERT are: remove the Arucer.dll file, remove the "Run DLL as an App" exclusion from the Windows Firewall, and block or restrict network access. Energizer has acknowledged the security issue. It has removed this software download and is now directing consumers to download uninstall software that should eliminate the vulnerability.
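A triage check for the indicators US-CERT names above, as an added example that is not part of the original post or of the US-CERT note: it looks for Arucer.dll on disk, for processes that have it loaded, and for firewall rules named "Run DLL as an App". The search roots are assumptions, and Get-NetFirewallRule assumes Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the original post. The two names come from the
# advisory text above; the search roots are an assumption for illustration.
$DllName  = 'Arucer.dll'
$RuleName = 'Run DLL as an App'
$Roots    = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

# 1. Copies of the DLL on disk, hashed for the incident record.
$files = Get-ChildItem -Path $Roots -Filter $DllName -File -Recurse -Force `
    -ErrorAction SilentlyContinue
$fileReport = foreach ($f in $files) {
    [pscustomobject]@{
        Path    = $f.FullName
        Written = $f.LastWriteTimeUtc
        SHA256  = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# 2. Processes that currently have the DLL loaded (-contains is case-insensitive).
$loaded = Get-Process | Where-Object {
    try { $_.Modules.ModuleName -contains $DllName } catch { $false }
} | Select-Object Id, ProcessName

# 3. Firewall rules carrying the exception name, with the program each one allows.
$rules = Get-NetFirewallRule -DisplayName "*$RuleName*" -ErrorAction SilentlyContinue
$ruleReport = foreach ($r in $rules) {
    $app = $r | Get-NetFirewallApplicationFilter
    [pscustomobject]@{
        Rule      = $r.DisplayName
        Enabled   = $r.Enabled
        Direction = $r.Direction
        Action    = $r.Action
        Program   = $app.Program
    }
}

$fileReport | Format-List
$loaded     | Format-Table -AutoSize
$ruleReport | Format-Table -AutoSize

if ($fileReport -or $loaded -or $ruleReport) {
    Write-Warning "Indicators from the advisory are present; follow the removal steps."
} else {
    Write-Output "No $DllName file, loaded module, or '$RuleName' firewall rule found."
}
```

Run it from an elevated prompt so the module lists of processes owned by other accounts are readable.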

March 22, 2010

AVE.exe (Total Vista Security) Virus Removal

I recently wrote about removal of the fake security alert Anti-Virus System Pro. The main step in the removal procedure was restarting the PC in safe mode and running Malwarebytes (mbam.exe). Unfortunately, this does not work with a new modification of this virus, called Total Vista Security, which runs a program file ave.exe. This program continues running in safe mode and prevents you from starting mbam. So, how do you stop it? You can temporarily stop the ave.exe process via Task Manager, but it reappears in a moment. What does ave.exe do? Basically it does the same as similar fake security alert malware: it prevents you from opening any program on an infected computer and tries to trick you into buying their software. Don't pay them - you can fix the problem for free in minutes. I managed to get rid of this malware just by restoring my computer to a previous date.

To use System Restore while this virus is running, begin as if you were restarting the computer in safe mode via the Start menu:
Start > Shut Down > Restart.
When Windows shuts down and the screen becomes blank, start hitting the F8 key until you hear a beep and a menu appears. Select Safe Mode with Networking, hit Enter, and then hit Enter again on the selection of your operating system (such as Windows XP). After the computer has restarted and you have logged in, it asks whether you want to proceed into Safe Mode or use System Restore. Select System Restore and choose a past date when you are sure you had no viruses. Note that this process does not affect your files, only programs you may have installed or updated since the restore date you chose. After restoring your system you should be able to download (if you have not done so yet) and run the free Malwarebytes (mbam.exe). Just update it to the latest version first. The above ave.exe removal guide does not constitute professional advice: if you choose to use it, do so at your own risk. It worked for me, but of course I can't guarantee it would work for everyone.

March 11, 2010

Meeting Energy Efficiency Standards for External Power Supplies

I previously wrote about the Energy Independence and Security Act of 2007 (EISA 2007). Its Section 301 establishes efficiency standards for external power supplies (EPS), such as power adapters. The U.S. Department of Energy (DOE) has recently published a Final Rule on "Energy Conservation Program: Certification, Compliance, and Enforcement Requirements for Certain Consumer Products and Commercial and Industrial Equipment." In this document, section 430.24 (bb) sets out the requirement for determining the number of EPS units to be tested to claim compliance with EISA 2007. In short, the DOE document requires a 97.5% confidence level to reflect variations in materials, the manufacturing process, and testing tolerances.

Section 24(bb) of Title 10 of the Code of Federal Regulations (10 CFR) Part 430 states:
For each basic model of external power supply selected for testing, a sample of sufficient size shall be selected at random and tested to ensure that—

(1) Any represented value of the estimated energy consumption of a basic model for which consumers would favor lower values shall be no less than the higher of: (i) The mean of the sample, or (ii) The upper 97.5 percent confidence limit of the true mean divided by 1.05;

and

(2) Any represented value of the estimated energy consumption of a basic model for which consumers would favor higher values shall be no greater than the lower of: (i) The mean of the sample, or (ii) The lower 97.5 percent confidence limit of the true mean divided by 0.95.

To demonstrate compliance with EISA 2007 standards for Class A EPSs (in effect since July 1, 2008), manufacturers must test a representative sample of units according to the DOE test procedure, and certify their compliance by submitting a compliance statement and the first certification report to DOE by July 6, 2010.

To translate their language into plain English: when they say the "represented value of energy consumption for which consumers would favor higher values", they refer to the efficiency. Conversely, the "represented value for which consumers would favor lower values" is input watts. (Our lawmakers of course presume they know what we, the consumers, would favor. Would you favor a charger with 51% efficiency over a charger with 49% if the latter costs half as much?)

To determine the number of samples to be tested to confirm compliance with a 97.5% confidence level, manufacturers would have to revisit statistical analysis theory. To be able to sell the affected external power supplies in the US, they have to do the testing, do the math, and submit the required docs to DOE by 07/06/10.