March 25, 2010

Energizer Duo USB Charger: Backdoor Trojan Issue

Can a battery charger present a security risk to your computer? You bet, it can. Of course, not a charger itself, but a free software that comes with it. US-CERT (a United States Computer Emergency Readiness Team which is part of the Department of Homeland Security) has just issued a Vulnerability Note stating that "Energizer DUO USB battery charger software allows unauthorized remote system access".

For reference, Energizer Holdings, Inc. is one of the world's largest manufacturers of batteries, battery-powered devices and flashlights. Chances are your portable player uses their batteries. In 2007, Energizer introduced Duo USB Charger that can charge Nickel Metal Hydride batteries from a USB port. It had optional downloadable software that let you view the battery charging status. Well, it has been found that this software included a file Arucer.dll which is a backdoor Trojan that allows unauthorized remote access to your computer. According to Symantec, this Trojan operates with the privileges of the logged-on user and listens for commands from anyone who connects and can perform various actions, such as the following:
• Download a file
• Execute a file
• Send a directory listing to the remote attacker
• Send files to the remote attacker
• Modify the registry

The solutions recommended by US-CERT are: remove the Arucer.dll file, remove "Run DLL as an App" exclusion from the Windows Firewall, and block or restrict network access. Energizer acknowledged the security issue. It has removed this software download and are now directing consumers to download an uninstall software that should eliminate the vulnerability.

No comments: