Slashdot Mirror


Energizer USB Battery Charger Software Infects PCs

swandives writes "Researchers at US-CERT have warned that software accompanying the Energizer DUO USB battery charger contains a Trojan that gives hackers total access to a Windows PC. The product was sold in the US, Latin America, Europe and Asia starting in 2007. Upon installation, the software creates the file 'Arucer.dll,' a Trojan that listens for commands on TCP port 7777. Upon receiving instructions, the Trojan can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. Uninstalling the software disables the automatic execution of the Trojan. Users can also remove Arucer.dll from Windows' system32 directory and reboot the machine to disable the backdoor component."
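A defender-side check for the two indicators named in the summary above (a listener on TCP port 7777 and Arucer.dll in the Windows system directory), as an added example that is not part of the original story or of the US-CERT advisory. It assumes English-language `netstat -ano` output; the sample netstat text, the function names, the verdict strings and the extra SysWOW64 lookup are additions made here.

```python
import os
import subprocess

BACKDOOR_PORT = 7777         # TCP port named in the summary above
BACKDOOR_DLL = "arucer.dll"  # file name from the summary, compared case-insensitively

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2140
  TCP    192.168.1.20:7777      198.51.100.7:51515     ESTABLISHED     2140
  TCP    192.168.1.20:49712     203.0.113.10:7777      ESTABLISHED     3320
  TCP    [::]:135               [::]:0                 LISTENING       892
"""


def parse_tcp_rows(netstat_text):
    """Yield (local_port, state, pid) for each TCP row of `netstat -ano` output."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue  # headers, blank lines, UDP rows (which have no State column)
        local, _foreign, state, pid = fields[1:]
        port = local.rsplit(":", 1)[-1]  # handles 1.2.3.4:80 and [::]:80
        if port.isdigit() and pid.isdigit():
            yield int(port), state.upper(), int(pid)


def backdoor_sockets(netstat_text, port=BACKDOOR_PORT):
    """Return PIDs listening on the port and PIDs holding an inbound session on it."""
    listening, sessions = set(), set()
    for local_port, state, pid in parse_tcp_rows(netstat_text):
        if local_port != port:
            continue  # a *foreign* port 7777 is an outbound connection, not this listener
        if state == "LISTENING":
            listening.add(pid)
        elif state == "ESTABLISHED":
            sessions.add(pid)
    return {"listening": sorted(listening), "sessions": sorted(sessions)}


def find_dll(directories, name=BACKDOOR_DLL):
    """Return full paths of files called `name` (any letter case) in the directories."""
    hits = []
    for directory in directories:
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # directory missing or unreadable
        hits += [os.path.join(directory, e) for e in entries if e.lower() == name]
    return hits


def assess(netstat_text, directories):
    """Combine both indicators into one verdict."""
    socks = backdoor_sockets(netstat_text)
    dlls = find_dll(directories)
    port_in_use = bool(socks["listening"] or socks["sessions"])
    if port_in_use and dlls:
        verdict = "backdoor-likely-active"
    elif port_in_use:
        verdict = "port-in-use-investigate"    # other software may also use 7777
    elif dlls:
        verdict = "dll-present-not-listening"  # e.g. software uninstalled, DLL left behind
    else:
        verdict = "no-indicators"
    return {"verdict": verdict, "dll_paths": dlls, **socks}


if __name__ == "__main__":
    if os.name == "nt":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        # SysWOW64 is checked in addition to the page's system32 because 64-bit
        # Windows redirects 32-bit installers there (an addition, not from the page).
        dirs = [os.path.join(root, "System32"), os.path.join(root, "SysWOW64")]
        text = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    else:
        dirs, text = [], SAMPLE_NETSTAT  # off Windows, run against the constructed sample
    print(assess(text, dirs))
```

The PIDs in the result can be matched against the PID column of Task Manager to see which process holds the socket.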

260 comments

  1. Near Anagram for Duracell by eldavojohn · · Score: 5, Funny

    Interesting that Arucer.dll is (aside from an extra 'r') an anagram for Energizer's competitor Duracell. Perhaps the authors of the software thought Duracell was spelled 'Durracell'? And perhaps they decided to pick an anagram of the competitor to make it look as though Duracell is behind this?

    --
    My work here is dung.
    1. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      Hackers have senses of humour as well you know.

    2. Re:Near Anagram for Duracell by Jazz-Masta · · Score: 4, Informative

      There have been reports of Arucer.dll utilizing 100% CPU as far back as mid 2007. It was originally included by Energizer and used to check that the device was indeed connected to the machine.

      They aren't sure how long the dll has been infected, but all signs point to the entire time (back to May 2007). Considering how many forum posts have issues with the dll going back 2.5 years, you'd think someone would have figured it out long ago.

    3. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      There have been reports of Arucer.dll utilizing 100% CPU as far back as mid 2007. It was originally included by Energizer and used to check that the device was indeed connected to the machine.

      They aren't sure how long the dll has been infected, but all signs point to the entire time (back to May 2007). Considering how many forum posts have issues with the dll going back 2.5 years, you'd think someone would have figured it out long ago.

      Most users are so stupid that it's no surprise they'd let this go unnoticed for so long. You know, the ones who speak stupidly as well, saying things like "I'm not a computer expert!" when all you're asking is basic competency.

    4. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      I fucking hate it when people do that shit.

      "Oh, I don't know about computers! Get someone else to do it!"

      Makes me think of the state of mind of those in Atlas Shrugged

    5. Re:Near Anagram for Duracell by Sagelinka · · Score: 1

      That's interesting, it might be a coincidence though. I've never heard of "Battery Manufacturers" having malicious software on their USB products or blaming it on others. But in this information age anything is possible if it has $$ next to it.

    6. Re:Near Anagram for Duracell by CaptnMArk · · Score: 4, Funny

      Duracell(r)

    7. Re:Near Anagram for Duracell by LaminatorX · · Score: 1, Insightful

      Or rather: Duracell®

    8. Re:Near Anagram for Duracell by discorob3 · · Score: 2, Insightful

      yes, but the people who are responsible for this are not "hackers" but criminals....

    9. Re:Near Anagram for Duracell by toastar · · Score: 4, Insightful

      you think the Term 'hacker' and the term 'criminal' are mutually exclusive? I know we spent a decade trying to show the world they are different, but even a technically skilled criminal can be a hacker.... he just has to wear a black hat while he does his deed.

    10. Re:Near Anagram for Duracell by wjousts · · Score: 2, Insightful

      Since when has determining your processor utilization been considered basic competency? Get off your high horse.

    11. Re:Near Anagram for Duracell by khellendros1984 · · Score: 0, Redundant

      Those two labels aren't mutually exclusive.

      --
      It is pitch black. You are likely to be eaten by a grue.
    12. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 1

      I'm sorry, this is relevant to GP post about Duracell how, exactly?

    13. Re:Near Anagram for Duracell by grahamsz · · Score: 1, Insightful

      I'd say that determining your fuel utilization is basic competency for driving a car

    14. Re:Near Anagram for Duracell by causality · · Score: 3, Informative

      Since when has determining your processor utilization been considered basic competency? Get off your high horse.

      I think it's intellectually dishonest to mention processor utilization as though that were the only possible way. I notice this frequently, that people are often rather eager to excuse and defend incompetent users out of some misguided sympathy for them. Real compassion for them would mean teaching, explaining, and providing good references for their edification. It would not mean excusing their failures or sugarcoating their incompetence. Any literate adult can achieve competency with a computer, and most problems that make the network a worse place for everyone directly involve users who lack knowledge, so why the "get off your high horse" spite towards those who expect better?

      If anything, I think the "high horse" is the belief that users will always be ignorant, will always be victims of these security issues, and can never overcome them. It is not the belief that they can and should overcome them. That's especially evident to me when you have to (intentionally or otherwise) zero in on one particularly unlikely means of detection because you think ignoring other possibilities helps your case. This is known as confirmation bias, incidentally. In response, I'll give you a plausible scenario for which CPU utilization need not be measured.

      I'll give another scenario under which this could have been detected. Here, when I say "firewall", I refer to Komodo, ZoneAlarm, and other software firewalls that are commonly available for Windows and/or free of charge, and are installed on millions of machines.

      Running a firewall that could have alerted the user to suspicious/unprompted network activity is basic competency, right up there with running a virus scanner and an anti-spyware scanner. For Windows, these tools can be regarded as "maintenance", and anyone who operates a machine without correctly maintaining it (personally or by seeking help) cannot be rightly called competent. Now, basic competency may or may not correctly interpret that network activity, but that doesn't matter. It doesn't take computer expertise to say "hey, this firewall keeps asking me about things I don't understand and did not set up myself, so maybe I should get this computer looked at by a techie." At that point you're no longer talking about average users and whether they can achieve competency.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    15. Re:Near Anagram for Duracell by jellomizer · · Score: 2, Insightful

      In many ways we are all guilty of being ignorant in one area or another. However saying someone is stupid for not knowing how to do something or even look up how to do it is rude and unwarranted.

      I have seen and met a lot of people who wouldn't know or even know to check the CPU usage on their PC however they are actually very smart and intelligent individuals. Why because they really could care less about their computer. It is an appliance for them, it does what they want them to do. It is using 100% cpu while it is charging a battery so be it, it must be part of normal operations. They have other things to worry about. We as "Computer People" do care about stuff like that so we keep an eye on things such as CPU speed. When my PC runs slow or just doesn't feel right I check the CPU Usage and what processes are running, that could be causing the trouble.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    16. Re:Near Anagram for Duracell by gparent · · Score: 3, Insightful

      Except you don't have to keep pumping money into CPU time. You just plug it in and it raises the power bill, which is normal because it's a computer.

    17. Re:Near Anagram for Duracell by courteaudotbiz · · Score: 1

      Or could it be that the products were to some extent manufactured in China, and that the Chinese may have wanted to add some resources to their corporate spying force?

    18. Re:Near Anagram for Duracell by nigelo · · Score: 2, Funny

      I'd say that determining your fuel utilization is basic competency for driving a car

      So, how can I tell how many Joules my computer has used? Huh - and I thought computers were my forte...

      --
      *Still* negative function...
    19. Re:Near Anagram for Duracell by causality · · Score: 1

      In many ways we are all guilty of being ignorant in one area or another. However saying someone is stupid for not knowing how to do something or even look up how to do it is rude and unwarranted.

      I was talking about this in terms of competency, not in terms of stupidity. For example, I am not a competent surgeon because I know absolutely nothing about surgery. That doesn't mean I'm stupid, it means I haven't gone to medical school. When I personally spoke about "competency" I meant it in this sense. I see that an AC mentioned "stupidity" but you'll have to take it up with that AC.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    20. Re:Near Anagram for Duracell by Runaway1956 · · Score: 4, Informative

      Since about the time Windows came out with their Task Manager. Basic competency. Very basic. No one suggests that finding the executable, and disassembling it to find out what makes it tick is part of basic competency, but opening task manager to see which of your 97 active processes is using all of your computer time is indeed "basic".

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    21. Re:Near Anagram for Duracell by Anne_Nonymous · · Score: 5, Funny

      They should all be charged with assaulting battery!

      -rimshot-

    22. Re:Near Anagram for Duracell by Hatta · · Score: 1

      For as long as there's been a tab for it in the task manager. Get off your low horse.

      --
      Give me Classic Slashdot or give me death!
    23. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      I'm sorry, this is relevant to GP post about Duracell how, exactly?

      It is relevant to the post about Duracell, because he stated "It was originally included by Energizer and used to check that the device was indeed connected to the machine."

      So it wasn't a malicious person that decided to use an anagram of Duracell after-the-fact...Energizer knew that dll file was there all along. Now, if Energizer contracted an outside company to make the software, and it has been there all along, then it could, actually, be a shout out to Duracell from one of the coders.

    24. Re:Near Anagram for Duracell by Jazz-Masta · · Score: 1

      I was referring to the fact that so many people have had this problem with that DLL that you would think some IT people would have picked up on it...this is usually how malware is discovered.

      It's not often that the smart IT people get infected and then think up a fix. It is the regular user that gets infected, calls an IT person, then the IT person figures out what is going on.

      Based on the volume of posts for 2.5 years regarding this DLL and its high CPU usage (the users did see this), you'd think some IT person would have seen something wrong.

      Or, you'd think that the customers would have called Energizer, and that Energizer would have looked into it. Considering there is a significant amount of malware that is found and patched within a day, 2.5 years going unnoticed is a big fail by SOMEONE - ultimately Energizer - as if they didn't see this at all.

    25. Re:Near Anagram for Duracell by mcgrew · · Score: 1

      Anagram for Mister Mongo! Anagram for Mister Mongo! Sign here, please!

    26. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 1

      If they could care less about their computers then why don't they? What you mean is that they could *not* care less. Sorry, it's a pet peeve of mine.

    27. Re:Near Anagram for Duracell by clone53421 · · Score: 1

      Yeah, because nobody ever deliberately says the opposite of what they mean.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    28. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      Glenn Beck, is that you ?

    29. Re:Near Anagram for Duracell by Bakkster · · Score: 3, Insightful

      A driver should be aware of their fuel economy, but it's more likely the job of a specialist to determine why the fuel economy has changed. Knowing if the difference is due to the air filter/oil filter/radiator/spark plug/exhaust/fuel filter, or any of the other parts which could cause this problem is generally left to someone knowledgeable. The end-user should only be expected to notice the issue and request help, which it seems many did by requesting assistance on the company forums.

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
    30. Re:Near Anagram for Duracell by Khyber · · Score: 3, Funny

      What, you don't own a kill-a-watt so you can determine that? So much for being a geek!

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    31. Re:Near Anagram for Duracell by Hognoxious · · Score: 0, Flamebait

      In many ways we are all guilty of being ignorant in one area or another. However saying someone is stupid for not knowing how to do something or even look up how to do it is rude and unwarranted.

      Not knowing isn't stupid. It's ignorant, and that can be cured.

      Refusing to know, even when you've been (repeatedly) told - now that's stupid.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    32. Re:Near Anagram for Duracell by ooshna · · Score: 1

      You act like in the 2 1/.2 years that this has been going on not one competent computer user ever used that charger.

    33. Re:Near Anagram for Duracell by ejtttje · · Score: 1

      I think those who see the romance in the term "hacker" would prefer everyone used the term "cracker" for criminal-hackers. Unfortunately the mass media has never gotten this memo, using "hacker" for everyone from script-kiddies to social engineers, yet ironically almost never for the programmers who first coined the phrase for themselves to describe simply great coding... bah.

    34. Re:Near Anagram for Duracell by multisync · · Score: 5, Insightful

      you think the Term 'hacker' and the term 'criminal' are mutually exclusive?

      No, but neither are the terms "accountant" and "embezzler," or "journalist" and "liar," or "priest" and "pedophile."

      The problem with using the term "hacker" is as soon as you throw that term in to the conversation, it takes the spotlight off of the party that is actually responsible.

      So Sony puts a root kit on your machine that could allow "hackers" to get control of it, it's those damn "hackers" who are the problem, not Sony. Perhaps not the best example to give, since Sony was heavily criticized for their actions (at least on Slashdot); but how many times have we seen stories about public servants losing laptops full of unencrypted information reported as "hackers could be accessing your private information."

      The problem isn't some mythical "black hat" pounding furiously away at the keyboard as graphic images swirl around his head, it's that companies and government agencies are not taking due care with people's private information, and frequently take liberties with their customers' property that would be considered criminal if it was your physical property they were abusing. Invoking the phrase "hacker" lets the real parties who are responsible off the hook.

      In this case, I would be interested in knowing why Energizer has no idea how this trojan got in to their charger in the first place, and whether it was truly the work of a nefarious black hat, or a misguided attempt by the company to keep tabs on how customers are using their product.

      Who knows, but as long as the focus is on "hackers" exploiting this trojan, rather than how it got bundled with the charger in the first place, it's unlikely we'll get the real story, or that the people who were really responsible will face any consequences.

      --
      I don't care why you're posting AC
    35. Re:Near Anagram for Duracell by WilyCoder · · Score: 1

      Oh it's a black thing now is it?

    36. Re:Near Anagram for Duracell by causality · · Score: 1

      You act like in the 2 1/.2 years that this has been going on not one competent computer user ever used that charger.

      Honestly I'd have to say I don't know, since I have no data either way, though I'd be surprised if at least one has not as that seems quite unlikely. I consider this irrelevant however. I don't regard this as an issue of whether competent users choose this charger, because competency with computers does not give one the ability to predict the future. Without predicting the future, there's no way to know that a particular charger is compromised in this way without actually examining it and its software.

      So instead I focus on how the present situation could be contained. I see it in terms of whether competent users would notice suspicious network traffic originating at their own computers. There are tools which enable Windows users to do this (ZoneAlarm is a well-known example), and none of them require real expertise to use. That would be a likely beginning for the sort of investigation that, once brought to the attention of folks with expertise, could eventually uncover what we now know today.

      To me, user incompetence is more of an explanation for why this took 2.5 years, how it went on for so long despite common tools that could have alerted users early on that something suspicious was going on. The legions of users who have malware-infested Windows machines and don't think about it any more than to say "gee my machine is slow these days" help to illustrate the plausibility of my point.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    37. Re:Near Anagram for Duracell by wjousts · · Score: 0

      And since when has pulling up the task manager been basic competency? It isn't.

    38. Re:Near Anagram for Duracell by wjousts · · Score: 1

      But this isn't a car. And I wouldn't say determining fuel utilization (mpg) is a requirement for driving a car. All you need to know is how much is left in the tank.

    39. Re:Near Anagram for Duracell by wjousts · · Score: 0

      No it isn't. You know how to do it, I know how to do it, 95% of users (a completely made up statistic) don't. That doesn't make them stupid and it's the height of arrogance to say they are. The concept of processor utilization isn't obvious to people who aren't techies.

      The failure is with the complexity of the software, not the user. If your software ever requires a user to understand or monitor processor usage, you are doing it wrong (except in very limited cases of tools for techies).

    40. Re:Near Anagram for Duracell by Runaway1956 · · Score: 3, Funny

      Somewhere, above, in this conversation, someone already stated something to the effect "incompetent != stupid". People who can't find task manager may or may not be stupid, but they are definitely IN-FUCKING-COMPETENT!

      Further, it has already been stated that you do the incompetent no service, and no justice, by making excuses for them. You'll do them a greater service by pointing out that they are incompetent, then help them to become competent.

      Here, you are just running at the mouth, looking for a fight, when you don't even appear to understand what the fight is about.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    41. Re:Near Anagram for Duracell by jonbryce · · Score: 1

      But then IT people generally don't install drivers for a USB battery charger.

    42. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 1

      What I see here is a person who needs to feel better about themselves by saying "I'm smarter than that person over there because I know about task manager."

      Usually that kind of behavior is a sign of insecurity.

    43. Re:Near Anagram for Duracell by kalirion · · Score: 1

      Wow, I wondered why the authors would let the trojan be deactivated with the software's un-installation... It's genius! If the trojan had stuck around, it would've been found out much sooner!

    44. Re:Near Anagram for Duracell by Pharmboy · · Score: 1

      I have to agree with wjousts on this one. There are plenty of people in my office who might consider ME incompetent because I am lost when it comes to running MS Office or our accounting software, but they have no idea what "cpu utilization" is. I have managed Linux servers since the RedHat 4.1 days and can tweak an XP box just fine, and still know how to tweak DOS to get maximum lower RAM from my experiences starting in the 1980s, but I don't use Office often enough to be any good at it. I just type letters. Perhaps they would be "incompetent" computer administrators, and I might be an "incompetent" staff member, but that would mean that everyone is "incompetent" in some way or another.

      Saying that everyone that uses a computer should understand "cpu utilization" is like saying that everyone that drives should understand the basics of internal combustion. In both cases, it happens under the hood. I am plenty happy that they understand their AV software and know how to do updates, and when to ask questions when they are over their heads. They aren't stupid, they just aren't techies. I don't argue that it is a good idea for people to know more, it is a good idea, but it isn't reasonable (or realistic) to expect everyone that uses a computer to know what cpu utilization is.

      (Yes, I know, a car analogy...)

      --
      Tequila: It's not just for breakfast anymore!
    45. Re:Near Anagram for Duracell by Runaway1956 · · Score: 2, Funny

      Questioning other people's sense of security is usually a sign of an overinflated sense of superiority.

      Kindly point out where I said that I'm "smarter" than people who can't find task manager. Can't find it? I'll thank you not to put words in my mouth, Mr. A.C.

      I am incompetent in many areas. I probably couldn't get a Cessna started up, let alone take off with it. I CAN fire up a D-9 Caterpillar, and make a decent attempt at grading your property. Does my incompetence with aircraft make me stupid? Does my competence with a D-9 make me smart? Of course not, stupid, but it allows me to make an intelligent statement about competence.

      And, no, you don't hear me making apologies for my incompetence. It's a fact. If and when I ever find the need to learn to fly, THEN I will become competent. Til then, I won't go near an aircraft.

      The above advice would serve a lot of people well when it comes to computers.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    46. Re:Near Anagram for Duracell by wjousts · · Score: 1

      The AC I was originally responding to specifically referred to users as stupid. That is arrogant and there is no defense.

      As for incompetent, not being able to find the task manager only makes you incompetent if your job involves knowing where the task manager is. If you're a network admin, IT support, or programmer and you can't find the task manager in Windows, then you are incompetent (unless you never use Windows, of course). If you write documents in Word, produce PowerPoint presentations, make spreadsheets in Excel, you should not need to know where the task manager is and you are not incompetent if you don't know. If that person NEEDS to know where the task manager is then it's a failure of the software and the OS they are using. All those details should be abstracted away so they don't need to know it.

      Don't blame the user for the failures in the software or the OS they are using. If you can't write a Word document without worrying about processor utilization, something is very wrong.

    47. Re:Near Anagram for Duracell by Runaway1956 · · Score: 2

      And, I insist, if a person is using a computer, and doesn't even know how to find the task manager, then he isn't competent to use the computer.

      Car analogy? Where's the speedometer? The oil pressure gauge? Ampmeter? Oh, you say, I have nothing but idiot lights, no gauges? Fine. DO YOU SEE THE IDIOT LIGHTS? If you can't see the idiot lights, you obviously shouldn't be driving. Assuming you have gauges, do you bother to look at them from time to time? No? Again, incompetent.

      You'll remember, I didn't expect that office worker to identify the trojan, dissect it, analyze it, then inform you of what the problem was. I only expect him to be familiar with his machine, and to have SOME idea of what is running on it.

      He/she has been using that machine for 3, 5, 8 years, doing basically the same functions all that time? OF COURSE he has played around on the machine. He has certainly hit ctrl>alt>del a few times. He can pull up the task manager.

      I realize that excusing that office worker's incompetence helps to justify your IT job - but it doesn't change the fact that he's incompetent.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    48. Re:Near Anagram for Duracell by Pharmboy · · Score: 1

      Just imagine if Gentoo users were car mechanics... ;)

      If you can't swap out a cam, mill your own heads, or at least hone your own cylinder walls, then you shouldn't be driving a car. Any idiot should be able to use a torque wrench.

      --
      Tequila: It's not just for breakfast anymore!
    49. Re:Near Anagram for Duracell by ShakaUVM · · Score: 1

      I think those who see the romance in the term "hacker" would prefer everyone used the term "cracker" for criminal-hackers. Unfortunately the mass media has never gotten this memo, using "hacker" for everyone from script-kiddies to social engineers, yet ironically almost never for the programmers who first coined the phrase for themselves to describe simply great coding... bah.

      Uh, no... "crackers" never caught on because the term already has two meanings in our society - saltines, and rednecks. Neither one of which has much to do with hackers (maybe a lot of hackers are white? I dunno) which is why it never found much cognitive traction.

      It always amuses me when some pedantic person tries to tell everyone to use the "correct" term: cracker (Who made it correct? ESR? The Hacker Dictionary?), when the term itself is a badly designed one.

      Black Hat is a much better term.

    50. Re:Near Anagram for Duracell by TheMidget · · Score: 1

      Hey look, boy. If you don't know how to use a computer, that's fine with us.

      Just don't come and bother us.

      We don't bother you either, by coming to your football pitch, kicking the ball off-field, all the while shouting "I'm proud to suck at football, but that doesn't mean that I'm a couch potato"

    51. Re:Near Anagram for Duracell by TheMidget · · Score: 2

      The perp should at least notice that his computer seems sluggish. And then ask for competent help.

      The competent help will tell him to press Ctrl-Alt-Del, then click Task Manager, and then choose the appropriate tab to display the processes, etc.

      However, those noobs are completely oblivious to their computer slowing down in such a dramatic way, and don't even think there could be anything wrong with it...

    52. Re:Near Anagram for Duracell by ejtttje · · Score: 1

      Black Hat is a much better term.

      Yeah, the mass media will start using that mouthful any day now, pot.

      At least "cracking" has a connotation with breaking things open, you know, making a "crack". People even say things like "cracking the firewall", so it's not much of a stretch to call the person doing the cracking a cracker. *shrug*

      --kettle ;)

    53. Re:Near Anagram for Duracell by nigelo · · Score: 1

      I can't see what you did there.

      --
      *Still* negative function...
    54. Re:Near Anagram for Duracell by x2A · · Score: 1

      In a car driving to a place of irrelevance, we drive over something that punctures the tire. Having not learnt how to drive, so never owned a car, and in fact having never even been in a car that's got a puncture before (which at this point of reflection, seems maybe weird?) my thoughts never really got anywhere past "shit". A guy I was travelling in the car with jumped out and began the process of changing the tire.

      This is a guy who reinstalls his OS etc on his PC once every few months, and on top of that, installs a f**k load of dodgy heavily virus ridden downloaded cracked software on top of it, beginning the process of "yep, that will last a couple of months" all over again. Before I realised this, I let him use a PC in my house while he was over, and god knows what he did to it, but it was a reinstall job. I've known various people since then who've said they got a disc with a copy of something or another off him and left them having to reformat. Somehow, something manages to get past any virus scanner. Nothing I've said has made a difference, it just keeps repeating over 'n over 'n over.

      I guess the difference is I didn't f**k up my gf's car by not changing the wheel properly or anything like that... I can program many different languages, hold my end of a conversation on advanced physics from the particle to the cosmic, and even have social skills, I'm not a stupid person... but if a wheel needs changing, I'll be there completely useless thinking "shit", which sounds pretty stupid, like I can't have lived even. We know the things we know, huh.

      --
      The revolution will not be televised... but it will have a page on Wikipedia
    55. Re:Near Anagram for Duracell by PitaBred · · Score: 1

      When my car isn't running, I check to see if there's gas in it. Why isn't a "normal" computer user held to that kind of standard? Or do you also give them a pass on not filling their car with gas and checking the oil because the car is just an appliance that takes them from point A to B?

    56. Re:Near Anagram for Duracell by networkBoy · · Score: 2, Funny

      biggest ripoff ever.
      I use a modified multi outlet strip with banana plugs and an amp meter. more accurate, just as easy, and you can say "here hold these wires" and shock the living hell outa someone. Oh and you can measure neutral-ground leakage as well.

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    57. Re:Near Anagram for Duracell by ooshna · · Score: 1

      To me, user incompetence is more of an explanation for why this took 2.5 years, how it went on for so long despite common tools that could have alerted users early on that something suspicious was going on. The legions of users who have malware-infested Windows machines and don't think about it any more than to say "gee my machine is slow these days" help to illustrate the plausibility of my point.

      You are still saying that to you it makes sense that this went unnoticed for so long because of incompetence, which would mean out of the thousands of people who bought this not one met your level of user competence.

    58. Re:Near Anagram for Duracell by FrankieBaby1986 · · Score: 1

      Eh, I as an "Intelligent Person" (for specific, possibly low, values of intelligence) tend to get at least a basic working knowledge of how the appliances and equipment I use on a daily basis works.

      I can tell when the motor in my blender is burnt out, or if it's the switch, I can troubleshoot basic engine problems for my car, and understand how a gasoline engine works.

      I think understanding programs, processes, RAM, storage, etc. are a core part of that knowledge that should be known about using a computer. Just as how a car functions and how to deal with maintenance and emergency scenarios are important to driving a car.

      I think as a race, we should not accept or expect ignorance

      --
      ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
    59. Re:Near Anagram for Duracell by FrankieBaby1986 · · Score: 1

      And, no, you don't hear me making apologies for my incompetence. It's a fact. If and when I ever find the need to learn to fly, THEN I will become competent. Til then, I won't go near an aircraft. The above advice would serve a lot of people well when it comes to computers.

      mod statement 'insightful'

      --
      ERROR: SIG NOT FOUND (A)bort, (R)etry, (F)ail?:
    60. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      So it's not the thieves responsible for the theft, it's the people who don't have everything fully encrypted and bolted down?

    61. Re:Near Anagram for Duracell by BronsCon · · Score: 1

      1 / 0.2 = 5, so is that 7 years, or 25 years?

      You must mean 7, because USB didn't exist in 1985. If course, USB battery chargers didn't exits in 2003.

      You confuse me.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    62. Re:Near Anagram for Duracell by vegiVamp · · Score: 1

      No, but *your* incompetence with an aircraft at least keeps you from flying it into a building.

      I agree that a computer is just a tool for the majority of people, but if you want to use a tool, you have to have a measure of competency with it. You don't want someone incompetent running around with a chain saw, do you?

      What's next, you can't expect users to know the difference between left- and right-click?

      --
      What a depressingly stupid machine.
    63. Re:Near Anagram for Duracell by Anonymous Coward · · Score: 0

      If they could care less then I imagine they'd at least have a modicum of curiosity about why their computer no longer worked well. I, for one, couldn't care less what you do when your PoC runs slow but I imagine even if one of my appliances were misbehaving, I'd at least try to figure out why. If my microwave is setting things on fire, I most certainly want to make sure it's not going to leak radiation that will knock out my wifi...although I'd probably also move up to 5.8GHz as well. Kitchen fires should not affect my uptime...might end up in an Ubisoft situation.

    64. Re:Near Anagram for Duracell by RockDoctor · · Score: 1

      an anagram for Energizer's competitor Duracell.

      I may misunderstand the joke, but I thought that "Energiser" was the American brand under which Duracells were sold. Are sold.
      I realise this is going to distress the marketing zombies of both "Energiser" and "Duracell", but even after writing this, I couldn't really give a shite about which faceless multinational corporation owns another faceless multinational corporation.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    65. Re:Near Anagram for Duracell by wjousts · · Score: 1

      How old is your car that it has an oil pressure gauge and an ammeter? Why don't modern cars have these? Because car design has advanced to a point where you really don't need to worry about it, they don't need constant monitoring by the driver. Just as a well designed piece of computer software shouldn't have you worrying about the processor utilization or any of the low level hardware details.

      Stop making excuses for badly designed software and a badly designed OS.

    66. Re:Near Anagram for Duracell by wjousts · · Score: 1

      Exactly!

    67. Re:Near Anagram for Duracell by ConceptJunkie · · Score: 1

      +1 insightful, -1000 for misspelling "particle"

      --
      You are in a maze of twisty little passages, all alike.
    68. Re:Near Anagram for Duracell by multisync · · Score: 1

      No, AC. It's the people who installed the trojan who are the "theives responsible for the theft."
       

      --
      I don't care why you're posting AC
    69. Re:Near Anagram for Duracell by clone53421 · · Score: 1

      It's the people who installed the trojan who are the "theives responsible for the theft."

      Actually, he spelled it correctly.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    70. Re:Near Anagram for Duracell by ooshna · · Score: 1

      Oh wow, I accidentally hit the period button. I guess that destroys my whole point. You're like a Republican. "Hey look you messed up so now I don't have to defend my views"

    71. Re:Near Anagram for Duracell by BronsCon · · Score: 1

      Maybe I was going for a funny mod?

      Let's look at my karma and just make a quick assumption that I didn't get it by being a complete asshole, going around and calling people Republicans.

      It's not like I didn't give you anything to fire back with, I did make 2 typos in my reply.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    72. Re:Near Anagram for Duracell by x2A · · Score: 1

      That actually adds to my point rather than detracts from it :-p

      --
      The revolution will not be televised... but it will have a page on Wikipedia
  2. A clean uninstaller? wow! by Gopal.V · · Score: 1

    Heck, I can't figure out how to disable half the auto-runs on my sister's laptop.

    These guys definitely know what they're doing :)

    1. Re:A clean uninstaller? wow! by kurt555gs · · Score: 3, Funny

      I tried $sudo apt-get install arucer in Kubuntu, but the Trojan is not yet in the repository. Perhaps I should use $sudo dpkg and install it from the USB key itself.

      I wonder if Wine will run this?

      --
      * Carthago Delenda Est *
    2. Re:A clean uninstaller? wow! by kseise · · Score: 5, Funny

      Ubuntu does not equal Linux. Come on man! You probably have to wait for it to be packaged upstream. Besides, a DLL is a LIBRARY file. You should be looking for lib-arucer or something similar like waffles, or whatever the developer felt like naming it. If that doesn't work, try x-arucer, or switch to Gentoo. I am sure they can get it.

      PS- Wine might run it, but you will probably need a patch. Try Cedega or Play-On-Linux, or qemu or dosbox.

    3. Re:A clean uninstaller? wow! by Anonymous Coward · · Score: 0, Offtopic

      Given sufficient smug, you can get some ribs removed and blow yourself.

    4. Re:A clean uninstaller? wow! by hedwards · · Score: 1

      This is a place where the summary typically gets a tl;dr response, do you think a post that includes a couple hundred distros will be read?

      Silliness aside, this probably could've been avoided had Energizer made the device a generic one and just drawn power on that basis. No driver needed only MS to blame.

      On second thought, I'm not sure I'd trust Windows to charge a battery correctly, it might end up owing millions.

    5. Re:A clean uninstaller? wow! by element-o.p. · · Score: 1

      Oblig.:

      Ubuntu is actually just Windows Vista with a few custom themes, so the DLL should run just fine.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    6. Re:A clean uninstaller? wow! by LaminatorX · · Score: 1

      Real men compile their USB-charger Trojans from source.

    7. Re:A clean uninstaller? wow! by qsliver · · Score: 1

      ...and the euphemism "compile a Trojan" is born!

      --
      The above comments are the ravings of a lunatic and should be ignored completely.
  3. Software?! by dch24 · · Score: 4, Insightful

    Why does a USB-powered charger need software at all?

    It's called a DUO because it can plug into the wall or into a computer. So it works without a computer. To get the computer to jack up the USB power output from the default 100mA, the device could identify itself as a hub -- no software required.

    I get it that the software can monitor charging, report stuff, advertise... But how does Energizer feel now, with egg on their faces?

    1. Re:Software?! by Shakrai · · Score: 3, Insightful

      Why does a USB-powered charger need software at all?

      The question is why does it need software that listens for commands from the mothership?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Software?! by DIplomatic · · Score: 3, Insightful

      But how is Energizer supposed to let you know of amazing offers on things to buy without installing software???

    3. Re:Software?! by gzipped_tar · · Score: 2, Insightful

      Because hacking customers' machines is profitable?

      --
      Colorless green Cthulhu waits dreaming furiously.
    4. Re:Software?! by noidentity · · Score: 1

      But how does Energizer feel now, with egg on their faces?

      Only appropriate, given that their mascot is a bunny.

    5. Re:Software?! by clone53421 · · Score: 2, Funny

      Just in time for Easter, too.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    6. Re:Software?! by Captain+Spam · · Score: 4, Interesting

      I get it that the software can monitor charging, report stuff, advertise...

      I always wondered, with the sheer amount of portable devices which charge over USB nowadays, why not put some manner of standardized charge reporting into the specs of the next version of USB, so that we don't need to bother with nonsense like installing a new program or drivers for each device just to monitor its charging on the computer (or whatever charger), if we do want monitoring and such? That way, we could just tack a charge indicator onto whatever the OS or windowing system uses to track connected USB devices, instead of X amount of additional programs displaying it in any variety of mismatched ways.

      I mean, I'll grant that many devices just report their own charge on their own respective screens, so for things like phones or whatnot, it might not be that useful. Plus, my suggested scheme would quickly get shot down by companies like Energizer in this case when they realize revenue stream conduits^W^W^W customers wouldn't have a reason to install "special" drivers and programs loaded with ads...

      Oh, yeah. That IS why it wouldn't get adopted. Hrm.

      --
      Demanding constant attention will only lead to attention.
    7. Re:Software?! by LaminatorX · · Score: 1

      They could still provide a spec-compliant adware client to their customers if they so chose.

    8. Re:Software?! by magus_melchior · · Score: 4, Insightful

      Another commenter notes that the language code of the trojan is Chinese.

      I think that American businesses should strongly reconsider the merits of having their goods produced in a highly authoritarian state who is known to employ hackers.

      --
      "We are Microsoft. You shall be assimilated. Competition is futile."
    9. Re:Software?! by Jeng · · Score: 2, Informative

      If an item just needs re-charging via USB I have been just plugging them into a powered USB hub.

      I do it as an energy saving scheme, no need to keep the computer on just to recharge a device.

      If the device is just recharging it doesn't need the computer to tell it when its done.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    10. Re:Software?! by Shakrai · · Score: 1

      But how is Energizer supposed to let you know of amazing offers on things to buy without installing software???

      They could do that with software that doesn't LISTEN for INCOMING connections....

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    11. Re:Software?! by Yvanhoe · · Score: 1

      I get it that the software can monitor charging, report stuff, advertise... But how does Energizer feel now, with egg on their faces?

      They blame Microsoft/subcontractors/trojan writers/OpenSource hippies, and it will not have any consequences for them.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    12. Re:Software?! by mat128 · · Score: 3, Informative

      Wrong. A device can only receive up to 100mA without asking for it (like a keyboard, mouse, etc.) The USB spec calls for a 500mA maximum. Many usb devices need more and use 2 ports (like external 2.5" hdds).

    13. Re:Software?! by causality · · Score: 2, Insightful

      Another commenter notes that the language code of the trojan is Chinese.

      I think that American businesses should strongly reconsider the merits of having their goods produced in a highly authoritarian state who is known to employ hackers.

      I think that would rule out the USA as well, at least at the federal level.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    14. Re:Software?! by Impy+the+Impiuos+Imp · · Score: 3, Informative

      > I always wondered, with the sheer amount of portable devices which charge
      > over USB nowadays, why not put some manner of standardized charge reporting
      > into the specs of the next version of USB

      You'd be surprised how lax are the implementations to "standards". I've worked with both USB memory sticks for .mp3s and Bluetooth phones, and the code to handle them is a morass of special cases per manufacturer. Not including the version number differences. That's within the same interface version.

      Implement "just the spec" and be damned with any mfr. who doesn't work correctly, and suddenly you've lopped off 55% or more of the devices out there. Your client OEM won't be too happy.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    15. Re:Software?! by hedwards · · Score: 1

      I purchased a Sennheiser bluetooth headset, and it includes a USB charging cable and a wall adapter to plug it into. Additionally the jack is micro USB so in theory I should be able to use the whole thing to charge other things as well. I waste minimal power if I'm already using the computer and I can just plug it into the wall if I'm not. It's both convenient and well considered.

    16. Re:Software?! by toastar · · Score: 1

      I get it that the software can monitor charging, report stuff, advertise...

      I always wondered, with the sheer amount of portable devices which charge over USB nowadays, why not put some manner of standardized charge reporting into the specs of the next version of USB, so that we don't need to bother with nonsense like installing a new program or drivers for each device just to monitor its charging on the computer (or whatever charger), if we do want monitoring and such? That way, we could just tack a charge indicator onto whatever the OS or windowing system uses to track connected USB devices, instead of X amount of additional programs displaying it in any variety of mismatched ways.

      I mean, I'll grant that many devices just report their own charge on their own respective screens, so for things like phones or whatnot, it might not be that useful. Plus, my suggested scheme would quickly get shot down by companies like Energizer in this case when they realize revenue stream conduits^W^W^W customers wouldn't have a reason to install "special" drivers and programs loaded with ads...

      Oh, yeah. That IS why it wouldn't get adopted. Hrm.

      I have a better idea, Put the monitoring software on the device being charged.

    17. Re:Software?! by mhajicek · · Score: 1

      Because engineering is driven by marketing.

    18. Re:Software?! by kgo · · Score: 1

      Of course it could have been produced in Taiwan, which actually does a lot of electronics manufacturing... Or it could have been a hacked XP disk that many less than reputable mom-and-pop computer shops were using. One of the more popular ones defaulted to Chinese...

      --
      Can you construct some sort of rudimentary lathe?
    19. Re:Software?! by Anonymous Coward · · Score: 0

      Actually, your question is a child of your parent. Answer the first question negatively, and your question is moot.

    20. Re:Software?! by h4rr4r · · Score: 1

      You don't need a driver, there are standard ways to ask for more power.

    21. Re:Software?! by DIplomatic · · Score: 1

      But how is Energizer supposed to let you know of amazing offers on things to buy without installing software???

      They could do that with software that doesn't LISTEN for INCOMING connections....

      Sorry that was a sarcastic comment about how every usb device comes with software to install even when it isn't needed. I've thrown away 10 times as many "install cd's" as I've actually used.

    22. Re:Software?! by Opportunist · · Score: 1

      But you'd waste so much bandwidth that way if it has to poll the ad server every few seconds so you don't miss one important announcement that could change your life!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    23. Re:Software?! by Spazholio · · Score: 1

      But how does Energizer feel now, with egg on their faces?

      Well, I'd say the yolk's on them for sure.

    24. Re:Software?! by grumpyman · · Score: 2, Informative

      The language code of the file is in Chinese - well they may have employed the manufacturer to write that .dll? I understand there's a chance that the hacker COULD BE Chinese but it's not even remotely conclusive. Why anytime anybody mentioned anything about Chinese then it's all about "highly authoritarian state who is known to employ hackers", slave labour, environment, blah blah blah. I'm not saying they don't have these problems but this post has remote speculative prospect to do with Chinese and all of a sudden it's yet another Chinese bashing thread. Slashdot: stop whining and do something about it - western world is feeding the problem itself buying the goods that it wants. I am sick and tired of anything bad with even remote linkage to Chinese has to be a bashing against them with mostly speculations, yet we're here happily using all the cool/cheap stuff manufactured there. Get off the moral high horse because we are part of the problem. If I'm OT here the parent is OT as well.

    25. Re:Software?! by ACPosterChild · · Score: 2, Interesting

      The 500mA is per USB Master, yes? Most motherboards usually have 1 or 2 masters providing ~4 USB ports each. A common problem I've seen is people putting total device usage of more than 500mA on a single master, and then at least one of their components stops working. So, a 2-port device would either: 1) be using up to 200mA in a way that it doesn't need SW to request more than 100mA; 2) need more than 500mA and expect you to plug into 2 different master buses. #2 is usually impossible because the buses are usually split, one supplying service to the front of the computer and one servicing the back.

    26. Re:Software?! by mat128 · · Score: 1

      I am not absolutely certain external HDDs do it the right way. I think it's more of a hack job allowing them to use maybe 600mA (500 on the data port + base 100 on the next one).

    27. Re:Software?! by mmj638 · · Score: 1

      I'm skeptical that this security-by-protectionism model would really provide security (or, would be any good for eg. the US economy).

    28. Re:Software?! by Anonymous Coward · · Score: 0

      Nobody said it was. You speeky ingrish?

  4. Interesting detail in the DLL: by carlhaagen · · Score: 4, Interesting

    Its language code is Chinese.

    1. Re:Interesting detail in the DLL: by Anonymous Coward · · Score: 0

      This is probably what you get when you outsource your software to the cheapest developer out there.

    2. Re:Interesting detail in the DLL: by TheLink · · Score: 2, Interesting

      Yeah it was probably made in China, and typically nobody cares about QC/QA in the factory (or part of the QA is making sure the malware is installed ;) ).

      I found malware on a supposedly new PNY usb drive about a year ago. Perhaps it was a repackaged item.

      Anyway, didn't affect the machine I plugged it into since auto-run was disabled (like it should be).

    3. Re:Interesting detail in the DLL: by Anonymous Coward · · Score: 0

      Or to the second cheapest, who then outsources it to the cheapest.

    4. Re:Interesting detail in the DLL: by Anonymous Coward · · Score: 0

      Its language code is Chinese.

      I was wondering how soon before somebody starts to blame the Chinese for this.

    5. Re:Interesting detail in the DLL: by Anonymous Coward · · Score: 0

      Also, there is a big giveaway: the string in the DLL that says "Hacked By Chinese!" ;-)

    6. Re:Interesting detail in the DLL: by Anonymous Coward · · Score: 0

      you poor americans. even with a smoking gun you guys try to be all politically correct.

    7. Re:Interesting detail in the DLL: by the_hellspawn · · Score: 0

      I spit on the Chinese...government that is. The people are just people and are trying to survive this insane game. I pee pee in the face of Chinese government! I am an American and I spit and pee pee at China. Thank you.

      --
      "The laws of science be a harsh mistress." --Bender
    8. Re:Interesting detail in the DLL: by jack2000 · · Score: 1

      While you're at it, make all of your USB drives have a file named autorun.inf and through the security/permissions tab deny all rights to everyone on that file. No read, no write, no changing rights. Most cheap viruses can't cope with that. They could take ownership of the file but they haven't wised up yet.

    9. Re:Interesting detail in the DLL: by TheLink · · Score: 1

      I've already been doing something like that. Except autorun.inf is a folder with dummy stuff in it.

      So they have to change the permissions (it's NTFS) AND recursively delete stuff :).

      That said, since any computer has rights to write to lots of other places on the drive, doing that folder thing is probably overkill and doesn't really help that much more in the big picture.

      But yeah, it has saved my drives from infection. These autorun malware are really rather common. It's almost like it's back to the old days of floppy viruses.

    10. Re:Interesting detail in the DLL: by GameboyRMH · · Score: 1

      Better yet, also customize autorun.inf and set a custom icon and drive label. If you don't see it, you know your drive's been infected.

      http://msdn.microsoft.com/en-us/library/bb776823(VS.85).aspx#AutoRun_Commands

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
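The tripwire idea from the three comments above (a locked-down autorun.inf file, an autorun.inf folder, or a custom icon and label), written out as a check you can run against a mounted drive. This is an added example, not part of any poster's comment; the label `MY-STICK`, the icon `mystick.ico`, the function names and both sample files are hypothetical and constructed for illustration.

```python
import os
import re

# [autorun] keys that make Windows launch a program from the drive.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")

# Constructed samples (not taken from a real drive).
TRIPWIRE = "[autorun]\nlabel=MY-STICK\nicon=mystick.ico\n"
TAMPERED = ("[AutoRun]\nopen=setup.exe\n"
            "shell\\explore\\command=setup.exe\nlabel=Removable Disk\n")


def parse_autorun(text):
    """Return {key: value} from the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_text(text, expected_label, expected_icon):
    """List everything that differs from the owner's label/icon tripwire."""
    entries = parse_autorun(text)
    findings = []
    for key, value in entries.items():
        if key in EXEC_KEYS or SHELL_COMMAND.match(key):
            findings.append(f"launch entry: {key}={value}")
    if entries.get("label") != expected_label:
        findings.append(f"label changed: {entries.get('label')!r}")
    if entries.get("icon", "").lower() != expected_icon.lower():
        findings.append(f"icon changed: {entries.get('icon')!r}")
    return findings


def audit_drive(root, expected_label, expected_icon):
    """Return (state, findings) for the autorun.inf at the drive root.

    state is "missing", "directory" (the folder placeholder is intact)
    or "file" (contents were audited).
    """
    # The name is case-insensitive on FAT/NTFS but not on every host OS.
    name = next((n for n in os.listdir(root) if n.lower() == "autorun.inf"),
                None)
    if name is None:
        return "missing", ["autorun.inf tripwire is gone"]
    path = os.path.join(root, name)
    if os.path.isdir(path):
        return "directory", []
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16")      # BOM selects the byte order
    else:
        if data.startswith(b"\xef\xbb\xbf"):
            data = data[3:]               # drop a UTF-8 BOM
        text = data.decode("latin-1")     # never fails on ANSI files
    return "file", audit_text(text, expected_label, expected_icon)


if __name__ == "__main__":
    for name, sample in (("tripwire", TRIPWIRE), ("tampered", TAMPERED)):
        print(name, audit_text(sample, "MY-STICK", "mystick.ico"))
```

Any `launch entry` finding, or a `missing` state on a drive that used to carry the tripwire, means the drive was written to by something other than its owner.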
  5. In before... by Anonymous Coward · · Score: 0, Troll

    IMPORTANT NOTICE,
    Windows users may be infected with “Arucer.dll”, a trojan horse virus that listens for commands on TCP port 7777. To see if this trojan is installed, go to your “Windows” folder and look for the virus called “System32” (the actual system folder is just called “System”). If you find that you are infected by this virus, delete “System32” and reboot your computer. You may also need to restart the computer in safe mode before you can delete this virus because the virus will try to prevent you from deleting it.

    1. Re:In before... by Anonymous Coward · · Score: 0, Troll

      And if you use linux, type this command line into a terminal: rm -r .[^.]*

  6. This Trojan by retardpicnic · · Score: 5, Funny

    just keeps going....and going...and going....

    --
    sig loading.......
  7. Sometimes by xav_jones · · Score: 4, Funny

    No version for linux is a good thing.

    1. Re:Sometimes by 1s44c · · Score: 2, Insightful

      No version for linux is a good thing.

      Maybe the malware will run in wine. But why does it run anything? It doesn't need any form of software, it just needs to draw power from USB.

  8. USB Cell anyone? by ReptileQc · · Score: 0, Offtopic

    Why would you need a USB charger when you can have the batteries charge themselves through USB?

    http://www.usbcell.com/

    1. Re:USB Cell anyone? by The+MAZZTer · · Score: 1

      ...because a 2 pack of AA cost US$18? :P

    2. Re:USB Cell anyone? by fractalspace · · Score: 1
      Because,

      1- They are expensive
      2- They will hold less charge due to a significant proportion of the volume used up by extra electronics and mechanics.

    3. Re:USB Cell anyone? by mariushm · · Score: 1

      These usually have low mAh values, so that they can be charged reasonably fast and because almost a third of the actual battery is the usb plug and whatever else is needed. For example, what I see on the page is rated 1300 mAh, which sucks, because I can currently purchase 2700mAh batteries for less than the price of those batteries.

    4. Re:USB Cell anyone? by krakelohm · · Score: 1

      The best part of that page is the bunny off to the right "We are bunnies and we really love you And we think you should use USB cells!", who puts lipstick on a bunny anyway?

      --
      You are all a bunch of idots.
    5. Re:USB Cell anyone? by krakelohm · · Score: 1

      Let me change that, the best part is the commercial http://www.youtube.com/watch?v=HhxxNQ91OJ4

      --
      You are all a bunch of idots.
    6. Re:USB Cell anyone? by pigphish · · Score: 1

      Plus they are low capacity... 1300mAh (in addition to being pricey). This compared to the common 2000-2500mAh.

      The Energizer DUO is compact... charges AAA and AA.

      You don't need the software to charge but this is very disconcerting news.

    7. Re:USB Cell anyone? by 1s44c · · Score: 1

      Wow. That's exactly what I just posted.

    8. Re:USB Cell anyone? by Briareos · · Score: 1

      If it's anything like those cells I'm not sure I'd want them...

      np: Brian Eno - The Lost Day (Ambient 4: On Land)

      --

      "I'm not anti-anything, I'm anti-everything, it fits better." - Sole

    9. Re:USB Cell anyone? by ReptileQc · · Score: 1

      I don't own the energizer duo (and now won't even think about getting one either) but I own some Energizer AA batteries (2500 mAh) and their charger just sucks. It takes 16 hours to charge 4 batteries... I bought like 16 USB Cells and use them everywhere in the house for remotes and Rockband accessories. Using them side by side with the Energizers in Guitars and all, you couldn't tell they don't last as long as the other ones. Also if people are coming in for a jam and the batteries are a bit low, it only takes an hour to recharge the USBCell ones...

      Sometimes price is not everything...

    10. Re:USB Cell anyone? by Ohrion · · Score: 1

      Hey, thanks for the link, that guy is funny!

    11. Re:USB Cell anyone? by HTH+NE1 · · Score: 1

      who puts lipstick on a bunny anyway?

      Warner Bros. Especially when pranking Elmer Fudd.

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  9. It just goes to show by ircmaxell · · Score: 1, Insightful

    It just goes to show you that you can't trust anything that you plug into a computer...

    I mean seriously, drivers? For a battery charger? Unless they wanted to display a nifty "charge progress indicator" in the OS... But even then, do they not have a code review before it gets flashed onto the chip?

    --
    If a man isn't willing to take some risk for his opinions, either his opinions are no good or he's no good
    1. Re:It just goes to show by Anonymous Coward · · Score: 0

      I mean seriously, drivers? For a battery charger? Unless they wanted to display a nifty "charge progress indicator" in the OS... But even then, do they not have a code review before it gets flashed onto the chip?

      The little display is exactly what the drivers do. I believe they were cheap and outsourced the software development to China.

    2. Re:It just goes to show by jandrese · · Score: 1

      You need it because unless there is a driver for the device, it can't draw on the full 500mA that USB can provide. You're stuck in a low power mode, which is obviously no good for a battery charger (frankly though, USB is terrible for a battery charger anyway).

      Sadly, unlike mass storage (usb sticks, HDDs), keyboards, and mice, there is no standard "high power, no functionality" device built into the USB specs, so everybody who wants that needs to write their own driver. This affects anything that wants to charge over USB, including cell phones, cameras, bluetooth devices, etc... Maybe USB3 fixes this, I don't know. IIRC the maximum power draw in USB3 is still pathetic, so maybe not. The standards committee is apparently not impressed by devices charging over USB.

      --

      I read the internet for the articles.
  10. Told you so by Animats · · Score: 4, Interesting

    Some time back, when USB chargers started to appear at airports, I warned that this might happen. A public charging port is such an attractive attack vector.

    Of course, the real problem is Windows's "autorun". It was a truly awful idea to have Windows run any executable that appears on any removable device or medium. That went in (in Windows 95, I think) when CDs were only manufactured by major vendors, before home CD writers or USB storage devices. So it probably seemed "safe" at the time.

    Worse was making it very difficult to turn autorun off.

    1. Re:Told you so by Myopic · · Score: 4, Insightful

      No no, it didn't seem safe at the time. Everyone who didn't have their head inside their kiester knew it was a gaping security hole.

      Golly, I wish some of those people worked at Microsoft.

    2. Re:Told you so by Dr_Barnowl · · Score: 1

      This isn't an issue with the charger presenting itself to the OS as a USB mass storage device; this is an issue with the management software that comes with the device (or you can download it) and presents a graphical charge level monitor.

    3. Re:Told you so by asdf7890 · · Score: 1

      That went in (in Windows 95, I think) when CDs were only manufactured by major vendors, before home CD writers or USB storage devices. So it probably seemed "safe" at the time.

      Many people questioned the safety of autorun in Win95. Auto-running from removable media had already been a problem - one of the first viruses documented as being in-the-wild was distributed on Apple floppies and got itself run via that system's autorun feature (unlike PCs descended from the IBM line and its compatibles, several machines and OSs, Apple's machines and Commodore's Amiga line being two examples, supported detecting a new floppy being inserted) and that was long before Windows 95 hit the market.

      The potential problems were well known by that point. As you suggest MS's official policy was just "it is safe enough for now, we'll fix it later".

    4. Re:Told you so by Sciros · · Score: 1

      Everyone who didn't have their head inside their keister knew it was a gaping security hole.

      Yes but there's no need to plug that hole with your head! You can use... an album cover...

      Mondays...

      --
      I like basketball!!1!
    5. Re:Told you so by VGPowerlord · · Score: 1

      At least Windows XP SP2 replaced AutoRun with AutoPlay. Devices (other than music CDs) no longer auto-run, instead asking you what you want to do with it, albeit with the AutoRun-specified item at the top of the list.

      This was changed further in Windows Vista/7, so that USB/FireWire drives don't even acknowledge that they have an AutoRun option. Which caused U3 to blatantly abuse this by pretending its U3 partition is a CD-ROM.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    6. Re:Told you so by jimicus · · Score: 1

      No no, it didn't seem safe at the time. Everyone who didn't have their head inside their keister knew it was a gaping security hole.

      Golly, I wish some of those people worked at Microsoft.

      That's partly because Microsoft (and, by extension, a large chunk of the world's Windows software developers) have taken the approach that a PC is only ever used by one person who generally speaking knows what they want the computer to do and can be trusted to do the right thing when the situation demands it - despite decades of experience to the contrary.

      To be fair, this attitude has become much less prevalent in their products since XP became the mainstream version of Windows, and even less so with the introduction of UAC in Vista. But this is Windows '95 we're talking about.

    7. Re:Told you so by Anonymous Coward · · Score: 0

      Yes, but floppy drives were never (as far as I know) read only devices. There were many years between the introduction of the CD-ROM drive and the CD burner.

    8. Re:Told you so by 0xABADC0DA · · Score: 1

      No no, [autorun] didn't seem safe at the time. Everyone who didn't have their head inside their keister knew it was a gaping security hole.

      The security hole is running an unknown/unverified program, and anybody without the sense to disable autorun is going to just click on the installer and get the trojan anyway. Autorun doesn't make the problem worse, it just makes the computer more convenient for most users.

      Autorun is not the security hole. As usual, users are the security hole.

    9. Re:Told you so by Opportunist · · Score: 1

      Actually my guess for blunders like Autorun is that it was a desperate attempt to "win" gamers over to the PC. The PC was a rather "difficult" gaming platform compared to consoles (stick cartridge in and turn on) and other computers (like the Amiga, slip disc in and turn on). So the goal was to create a foolproof way to play games. Put CD in and wait.

      Remember, this was the early/mid 90s. Internet was still anything but common, and neither was today's omnipresence of password stealing, online communicating trojans. Malware was some file infector that played something on your speaker at a certain date, and it only affected those that somehow managed to get it (quite seriously, "catching" something wasn't as easy as it is today). Malware and computer hijacking simply was not an issue. And thus, security took a back seat compared to accessibility and usability.

      Of course, today it bites us in the rear. But hindsight is always perfect.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    10. Re:Told you so by MindStalker · · Score: 1

      I'm pretty sure the airport chargers are just connected to AC power, I seriously doubt they are connected to any computers, least not networked ones, that would just be dumb. But then again, it's possible.

    11. Re:Told you so by Anonymous Coward · · Score: 0

      Some time back, when USB chargers started to appear at airports, I warned that this might happen. A public charging port is such an attractive attack vector.

      Could you elaborate on what you mean by that? It sounds to me that you are assuming that a USB port provided in a public place will be attached to a computer. If it's provided for charging all it needs to do is provide current so it would just be wired to the mains via a suitable transformer. There's no way for an infection to spread via a USB port provided just for charging devices from.

    12. Re:Told you so by Sleepy · · Score: 1

      >Golly, I wish some of those people worked at Microsoft.

      Give Microsoft employees credit - I'm sure some of them saw this coming and did protest.
      I'm equally sure that Marketing or Sales came in and put their foot down, claiming it's ONLY an attack vector if the bad guys MAKE IT ONE... and then point out how using this attack vector is the same exact thing as using metal cutters on a padlock.

        (Those paying attention would note there IS no padlock...)

    13. Re:Told you so by Anonymous Coward · · Score: 0

      Anyone can get caught by something like this, if there was no autorun we wouldn't have to worry about users doing something stupid. If you make it easy for users to fuck shit up, guess what, it's not really the user's fault now is it?

    14. Re:Told you so by Anonymous Coward · · Score: 0

      If you make it easy for users to fuck shit up, guess what, it's not really the user's fault now is it?

      That's absurd. Obligatory car analogy; crashing a car is the easiest thing to do in the world. People can quite literally do it in their sleep, for god's sake. Does that mean a driver who was grossly irresponsible behind the wheel is absolved from blame, simply because crashing is so dang easy? Of course it doesn't.

      Having said that, blame is not a rare commodity - there's enough for all. It is both Microsoft's fault for making infection so easy, the black hats' fault for writing the damn virus, and the user for falling into the trap when it's their responsibility to know better. All of these parties are equally responsible - they all made intentional, concerted effort (or at least, made no effort to avoid the situation) which resulted in infection.

    15. Re:Told you so by tokul · · Score: 1

      That went in (in Windows 95, I think)

      It went in with WinXP SP2. Before that Windows did not execute autorun.inf on removable storage devices.

    16. Re:Told you so by Douglas+Goodall · · Score: 1

      Thanks for the link. There was information there I hadn't previously known. It is a testament to Microsoft's belief that computer users are stupid and cannot find the setup program on the install media. There is no other possible reason that they would have put this in in the beginning or left it in all this time. They are so worried they might get a tech support call about how to install their expensive software, that they have left all these machines wide open all these years.

    17. Re:Told you so by Anonymous Coward · · Score: 0

      The problem is that Microsoft decided to make the autorun-or-not decision based on whether the media *presents itself* as read-only or not, rather than if it is an actual cd-rom. There are usb-drives out there that present themselves as a read-only cd-rom drive plus a writeable disk. The "cd-rom" contains a little app that executes whatever is on the writeable volume. Windows sees that the device presents itself as a read-only cd-rom and invokes autorun. What it should have done is notice that the device is on a usb-port and that therefore autorun shouldn't be used.
      It isn't autorun as such that is the problem, it's the faulty implementation that it also works for things that aren't cd-rom drives. Of course, it was originally intended for games and encyclopaedias and such, but nowadays disk space is cheap and we simply put the entire thing on the disk. Even if not officially supported you can with Daemon Tools. And then of course Sony decided to test the theory that reputable firms wouldn't put nasty stuff on cds because of the legal and reputation backlash. Turns out those are much more manageable than previously estimated - expect to see more malware on cds. Maybe autorun just has had its time and it's time for it to go.

  11. Purchasers should have known something was wrong by jlowery · · Score: 5, Funny

    if only because of the giant wooden Energizer Bunny on the packaging.

    --
    If you post it, they will read.
  12. USB? Software? On a BATTERY CHARGER? by Hurricane78 · · Score: 4, Funny

    What the... WHYY?

    My battery charger takes four batteries and goes into the power socket. That’s it.
    I don’t see why in the world a charger would need more than this.

    It’s like having a supercomputer to control a toaster. It makes no sense at all.
    In my eyes, those who bought that thing, deserve what they got.

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
    1. Re:USB? Software? On a BATTERY CHARGER? by Captain+Spam · · Score: 1

      It’s like having a supercomputer to control a toaster. It makes no sense at all.

      May I suggest a different analogy/simile? Because the more I think about that one, the more I think that the sense that idea makes is its own sheer awesomeness. All we'd need is a supercomputer-controlled coffeemaker and a supercomputer-controlled pizza oven, and we'd be set.

      --
      Demanding constant attention will only lead to attention.
    2. Re:USB? Software? On a BATTERY CHARGER? by 1s44c · · Score: 1, Offtopic

      In my eyes, those who bought that thing, deserve what they got.

      Those who bought Windows deserve what they got.

    3. Re:USB? Software? On a BATTERY CHARGER? by Monkeedude1212 · · Score: 1

      There could be times when you don't have access to a power socket - or your battery charger won't work in the power sockets (say you visit another continent).

      In which case, you've got your business laptop, so you can charge your batteries for your MP3 player.

      It shouldn't need software though, I'll agree with that.

    4. Re:USB? Software? On a BATTERY CHARGER? by Otto · · Score: 1

      It’s like having a supercomputer to control a toaster. It makes no sense at all.

      Plain old toast is so retro. I prefer my toast printed with nice designs and patterns:

      http://www.inseq.net/zuse.html :)

      --
      - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
    5. Re:USB? Software? On a BATTERY CHARGER? by Anonymous Coward · · Score: 0

      I'll take a beowulf cluster of those, please. I'd open up a store.

    6. Re:USB? Software? On a BATTERY CHARGER? by AnotherUsername · · Score: 1

      In my eyes, those who bought that thing, deserve what they got.

      Those who bought Windows deserve what they got.

      Wow, way to wish doom on 90% of the computer using populace. That doesn't make you sound like a crazed zealot at all. That kind of talk is sure to gain support to your ideology.

      --
      I don't like Linux. This doesn't make me a troll.
    7. Re:USB? Software? On a BATTERY CHARGER? by kgo · · Score: 1
      --
      Can you construct some sort of rudimentary lathe?
    8. Re:USB? Software? On a BATTERY CHARGER? by Upsilonish · · Score: 1

      woosh?

    9. Re:USB? Software? On a BATTERY CHARGER? by Anonymous Coward · · Score: 0

      There could be times when you don't have access to a power socket or your battery charger won't work in the power sockets (say you visit another continent).

      Then you get an international plug set, because not only will your battery charger not go into the wall, neither will any of your other devices.

      Which means you're using the laptop battery to charge your AA's or AAA's. Wonder what's going to recharge the laptop when its power runs out...

    10. Re:USB? Software? On a BATTERY CHARGER? by Anonymous Coward · · Score: 0

      Since someone modded this up, and it's being sold mostly to the iphone, ipod crowd, can I say those who bought an iphone/ipod that doesn't charge like a normal device, got exactly what they deserve too? In fact, anyone that bought anything computer related gets what they deserve, damn people not using mechanical devices for everything anymore..

    11. Re:USB? Software? On a BATTERY CHARGER? by FooHentai · · Score: 1

      Eh? I have the euro version of this charger because it lets me boost my camera batteries from my netbook. It's perfect for the travelling that I do. It runs without the software installed, but the software shows the battery charge status, which can be handy. Not to mention, when I bought it you got a pair of 2400mA AA cells plus the charger for far less than the wall charger cost alone. Which one of us is ignorant in this matter? Oh, it's you ;)

    12. Re:USB? Software? On a BATTERY CHARGER? by 1s44c · · Score: 1

      Wow, way to wish doom on 90% of the computer using populace. That doesn't make you sound like a crazed zealot at all. That kind of talk is sure to gain support to your ideology.

      If 90% of the world's population drove home from the pub pissed once a week would that somehow make drink driving OK?

      Would I be a crazed zealot for telling these people to get taxis?

    13. Re:USB? Software? On a BATTERY CHARGER? by Cwix · · Score: 1

      Like light scribe? Toastscribe? OK, I'm off to patent that now

      --
      You are entitled to your own opinions, not your own facts.
    14. Re:USB? Software? On a BATTERY CHARGER? by AnotherUsername · · Score: 1

      Are you seriously equating drunk driving with using Windows? You aren't helping your case at all.

      You wouldn't be a crazed zealot if you were telling people to get taxis. However, in this case, telling people to get a taxi would be telling someone to install an anti-virus, security updates, and use safe usage techniques.

      What you are actually doing is more like hoping that people who were safe and did take a taxi, are hit and killed by a drunk driver who didn't take a taxi. Disagreeing with drinking is one thing. Wishing disaster/death on people is quite another. One means you are not a fan of an activity. The other makes you a crazed zealot.

      --
      I don't like Linux. This doesn't make me a troll.
    15. Re:USB? Software? On a BATTERY CHARGER? by GoatEnigma · · Score: 1

      So now you're comparing using Windows to killing people indiscriminately? That ought to help you not look like a zealot....

    16. Re:USB? Software? On a BATTERY CHARGER? by HTH+NE1 · · Score: 1

      It's like having a supercomputer to control a toaster. It makes no sense at all.

      Toaster: Would you like some toast?
      Lister: Uh-uhm.
      Toaster: Some nice hot crisp brown buttered toast?
      Lister: Uh-uhm.
      Toaster: You don't want any toast then?
      Lister: No.
      Toaster: What about a muffin?
      Lister: Nothing!
      Toaster: You know the last time you had toast? Eighteen days ago. 11:36, Tuesday the third. Two rounds.
      Lister: Ssshhh!
      Toaster: I mean, what's the point of buying a toaster with artificial intelligence if you don't like toast?
      Lister: I do like toast.
      Toaster: I mean, this is my job! This is cruel, just cruel!
      Lister: Look, I'm busy!
      Toaster: Oh, you're not busy eating toast, are you!
      Lister: I don't want any!
      Toaster: I mean, the whole purpose of my existence is to serve you with hot, buttered, scrummy toast. If you don't want any, then my existence is meaningless.
      Lister: Good.
      Toaster: I toast, therefore I am.
      Lister: Will you shut up?!

      --
      Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
    17. Re:USB? Software? On a BATTERY CHARGER? by toddestan · · Score: 1

      The idea is that you only need to get enough adapters and plugs to make your laptop work. From there, you can power everything else off the laptop. With that said, my AA/AAA battery charger happens to accept 100-240V 50-60 Hz and uses the same IEC connector as the laptop, and there wasn't even any attempt on my part to make that happen.

    18. Re:USB? Software? On a BATTERY CHARGER? by 1s44c · · Score: 1

      So now you're comparing using Windows to killing people indiscriminately? That ought to help you not look like a zealot....

      I'm comparing irresponsible behavior to irresponsible behavior. If you want to call that being a zealot you should go look up zealot in the dictionary. Most likely in your dictionary it says 'Does not love Microsoft with all his heart.'

    19. Re:USB? Software? On a BATTERY CHARGER? by 1s44c · · Score: 1

      Are you seriously equating drunk driving with using Windows? You aren't helping your case at all.

      I don't need to convince you. You are paid to spout your rubbish and will no doubt carry on spouting it.

      The fact that Microsoft has resorted to paying people to troll slashdot proves they are desperate.

    20. Re:USB? Software? On a BATTERY CHARGER? by AnotherUsername · · Score: 1

      You are a moron. The fact that you are now resorting to conspiracy theories leads me to believe that you are much further deranged than what I would have originally thought.

      It appears that one of the rules of the crazed zealot is to accuse those people who disagree with them of being a paid infiltrator on a message board.

      --
      I don't like Linux. This doesn't make me a troll.
    21. Re:USB? Software? On a BATTERY CHARGER? by RockDoctor · · Score: 1

      There could be times when you don't have access to a power socket - or your battery charger won't work in the power sockets (say you visit another continent).

      You don't even need to visit another continent, just cross a border, or go to a work site that uses a different power socket type to what your charger is fitted with. Happens to me about once a month.
      (1) in your travel bag, pack a 2/4/6 way extension lead with a flying input lead for your "native" type of socket. (You can plug the various devices you carry into it, to protect the pins from being mangled by airport baggage manglers.)
      (2) in the same bag, keep screw-on plugs for the socket styles you meet regularly (UK, Euro, US, Israel, and something I can't identify in my bag). Pack a screwdriver too (but you've carried one of those for years already. Haven't you.).
      (3) when you get to a place that needs a different plug to what's on your flying lead, change plugs.

      The alternative is to spend dozens of "pint vouchers" on adaptors at the airport, which will invariably be for the wrong country, then having to hunt around at 9 in the evening to try to find the right connector in a shop selling pornography and chewing gum. Again.

      I decline to believe that a human being is incapable of safely wiring a plug. It's a new "entrance exam" for being counted as a member of Homo sapiens sapiens electricio.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    22. Re:USB? Software? On a BATTERY CHARGER? by petermgreen · · Score: 1

      Sounds like a lot of hassle to me, especially as different plugs require the wires cut to different lengths to wire them properly and safely.

      I also dislike travel adaptors, they usually seem poorly made and often try to fit multiple socket types and fit none of them well.

      Personally I think the best option would be to put an IEC on your extension then have short IEC leads for the different plug types. AFAICT it's usually pretty easy to scrounge up a local IEC lead from somewhere if you've missed a plug type from your set.

      --
      note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
    23. Re:USB? Software? On a BATTERY CHARGER? by clone53421 · · Score: 1

      Dammit, you’ve made ME hungry for toast now.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    24. Re:USB? Software? On a BATTERY CHARGER? by RockDoctor · · Score: 1

      Personally I think the best option would be to put an IEC on your extention then have short IEC leads for the different plug types.

      That would work ... but I think that it would be more volume and weight of kit to keep in the bag - alongside boots, hard hat, coveralls, reference materials, clothes for several different climate zones, tools, and something to read in those odd 10 minute breaks you get in your month or so at work.
      Part of the problem is when lots of gear arrives on the rig from shore which has IEC connectors for the local country ... which are totally wrong for the rig. (I think the unidentified thing in my bag is from a west-African country that had the reverse problem - required the rig to have wiring for local standards, but then no-one could get any plugs to go into them. Typical.)

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    25. Re:USB? Software? On a BATTERY CHARGER? by 1s44c · · Score: 1

      What are you trolling slashdot for day after day? It's not like you ever said anything valid about anything.

      Either you are an attention-seeking moron or you are getting paid for it.

  13. Counterfeits by perpenso · · Score: 1

    Why does a USB-powered charger need software at all? ... But how does Energizer feel now, with egg on their faces?

    To be honest, they just need to get used to it and others need to be prepared for it. Imagine the opportunities for counterfeiters, they now have the potential for a new revenue stream. Regardless of whether a legitimate product comes with software or not, I expect some counterfeit goods will start coming with software. Legit or counterfeit, the company will take heat from consumers. They just need to get ready for it.

    --
    Perpenso Calc for iPhone and iPod touch, scientific and bill/tip calculator, fractions, complex numbers, RPN

  14. Outsourcing / QA / Negligence by grahamsaa · · Score: 4, Interesting

    Energizer obviously isn't the first company to be hit with this sort of embarrassment, and it's surprising to me how resistant some of these companies are to learning and adopting good QA and security practices.

    If corporations feel that they must outsource production of devices like these, they damn well better be prepared to do thorough in-house testing before they release malware to the public. I'll give them the benefit of the doubt that they were probably unaware of this trojan, but that makes them no less negligent.

    --
    Facts have a liberal bias.
    1. Re:Outsourcing / QA / Negligence by vlm · · Score: 5, Interesting

      You're assuming they didn't outsource engineering, QA, security, and testing.

      You have the olden days idea, that China only manufactures.

      I would not be surprised to learn Energizer-USA in 2010 is no more than an overpriced CEO and some marketing folks.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:Outsourcing / QA / Negligence by meerling · · Score: 1

      All it takes to bypass all the security in the world is one mistake by one person one time.
      (I've seen it happen more than I can count, and that's a pretty big number.)

    3. Re:Outsourcing / QA / Negligence by Anonymous Coward · · Score: 0

      and the CEO is Bunny. What else do you expect?

    4. Re:Outsourcing / QA / Negligence by m2shariy · · Score: 1

      So, they did not outsource marketing yet, did they?

  15. Easy to uninstall by gmuslera · · Score: 1

    at least that particular backdoor. Trojans, bots, virus, other backdoors, keyloggers, etc, that went in during the 3 years that you had it installed will be a bit harder to uninstall. Same for the info that you considered safe that went thru your machine (passwords, credit card info, etc).

    Anyway, a proper firewall (that at the very least doesn't let anything connect to your machine thru not specifically enabled ports) should have stopped most of it.

  16. Let me at him by flahwho · · Score: 2, Funny

    That fucking bunny! He's gonna have to GO~!

    1. Re:Let me at him by Anonymous Coward · · Score: 0

      The pink bunny told me that the small purple gorilla says "hi" btw.

    2. Re:Let me at him by mcgrew · · Score: 1

      If I run the old 2D side scroller Duke Nukem on it, does it kill this virus?

  17. Country of manufacture? by spagthorpe · · Score: 2, Insightful

    I would kind of guess "Made In China", and the special edition to the software could easily have been added at this phase. It makes you start to wonder about a lot of products made there, and what they could also be doing. Even something like a motherboard could have all kinds of things going on at a very low level, and who would have a clue?

    --

    WWJD -- What Would Jimi Do?
    (Smash amp, burn guitar, take home the groupies)

  18. Re:Purchasers should have known something was wron by dkleinsc · · Score: 4, Funny

    Not true. If it had been a giant wooden bunny, they'd have known that Lancelot, Galahad, and Bedevere had forgotten to get inside in the first place.

    --
    I am officially gone from /. Long live http://www.soylentnews.com/
  19. new marketing for PC makers by Anonymous Coward · · Score: 0

    With Bunny inside!

  20. That's a feature (CPO) by Anonymous Coward · · Score: 1, Informative

    Actually, that's a feature also referred to as "Certified Pre-Owned".

  21. It's not a trojan! by Krau+Ming · · Score: 0

    It's actually a secret file that when run through a series of complex filtering steps will give you an image of a map where the only copy of portal 2 can be found!

  22. Re:usbcell by Dr_Barnowl · · Score: 1

    As noted above, because they suck in terms of capacity.

    The DUO is a small battery charger anyway.

  23. Just wait until... by mhajicek · · Score: 4, Funny

    Just wait until you plug it into your Toyota.

    1. Re:Just wait until... by ascari · · Score: 5, Funny

      Toyota: Just keeps going, and going, and going?

  24. An AutoStart Fix for Windows XP and W2K by NicknamesAreStupid · · Score: 4, Informative

    This little trick will disable all autoplay features, eg. CDs, USB-memories etc. Open the registry editor, regedt32.exe, and configure the following registry value:
    Hive: HKEY_LOCAL_MACHINE
    Key: SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    Value Name: NoDriveTypeAutoRun
    Type: REG_DWORD
    Value: hex: 0x03fffffff
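An added example (not part of the comment above, and not Microsoft's code): a Python audit that parses saved `reg query` output for the NoDriveTypeAutoRun value named above and lists the drive types for which AutoRun is still enabled. The bit meanings are the ones Microsoft documents for this value; the sample output, including the 0x91 entry under HKEY_CURRENT_USER, is constructed for illustration.

```python
import re

# Documented NoDriveTypeAutoRun bits: a SET bit DISABLES AutoRun for that type.
DRIVE_TYPE_BITS = {
    0x01: "unknown type",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type (reserved)",
}

# One value line of `reg query` output: indent, name, type, hex data.
VALUE_RE = re.compile(
    r"^\s+NoDriveTypeAutoRun\s+(REG_\w+)\s+(0x[0-9A-Fa-f]+)\s*$"
)

# Constructed sample of `reg query <key> /v NoDriveTypeAutoRun` output.
# The HKLM data is the comment's value with its leading zero dropped.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x3fffffff

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun    REG_DWORD    0x91
"""


def parse_reg_query(text):
    """Return {key path: (value type, integer data)} for each key listed."""
    found, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            found[key] = (match.group(1).upper(), int(match.group(2), 16))
    return found


def still_enabled(mask):
    """Drive types whose bit is clear, i.e. AutoRun is not disabled for them."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def audit(text):
    """Map each key to its still-enabled drive types (None if malformed)."""
    report = {}
    for key, (reg_type, value) in parse_reg_query(text).items():
        if reg_type != "REG_DWORD" or value > 0xFFFFFFFF:
            report[key] = None  # wrong type, or data does not fit a DWORD
        else:
            report[key] = still_enabled(value)
    return report


if __name__ == "__main__":
    for key, enabled in audit(SAMPLE_REG_QUERY).items():
        state = "malformed" if enabled is None else (enabled or "all disabled")
        print(key, "->", state)
```

An empty list means every documented drive-type bit is set for that key, which is the case for the value given in the comment.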

    1. Re:An AutoStart Fix for Windows XP and W2K by Sir_Lewk · · Score: 5, Funny

      It's things like this that just go to show why windows will never be ready for the desktop.

      --
      "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  25. Atlas Shrugged 2: One Hour Later by spun · · Score: 0, Offtopic
    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
  26. Whoa by Anonymous Coward · · Score: 0

    The Energizer Bunny exploits a backdoor and lets the world use it?

    Ouch.

  27. Re:Purchasers should have known something was wron by element-o.p. · · Score: 1

    But...but...but...it's just a harmless bunny rabbit!

    --
    MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
  28. Sony by Anonymous Coward · · Score: 0

    Had this been Sony the comments would've been calling for immediate boycotting of all products. Everyone stop buying Duracell!

    1. Re:Sony by ^_^x · · Score: 1

      True, but that was a boycott of all Sony for a third party solution bought by the Sony-BMG music label...
      So to do the equivalent here, people would have to start boycotting Energizer, Schick, Playtex, Purina, and every brand that ever in some way was related to Energizer since Sony is basically a self-contained keiretsu of many compartmentalized companies.

    2. Re:Sony by mcgrew · · Score: 1

      Sony's XCP rootkit cost me time and money. I'm not going to boycott them, I'm just not buying any more Sony products, especially anything with any digital component (which these days is everything). Part of the "functionality" of XCP was to disable music burning software and P2P software; that could NOT have been an accident, unlike this. I'll give anybody the benefit of the doubt, as long as it's possible to have any doubt to give them the benefit of. At the time I used P2P to find indie music (Sony-BMG's competitors), and it disabled the software I used to burn legally purchased LPs to CD, just as I'd previously recorded my LPs to cassette to play in the car.

      XCP was just evil. Period. There was no excuse whatever for it. Someone should have gone to prison for that bit of malfeasance, and I don't see how anyone who knows anything at all about XCP could ever trust Sony again, whether or not they got burned personally.

      And yes, autoplay was disabled; my daughter, who worked in a music store at the time, installed the software on the CD, never dreaming that Sony would put malware on a music CD.

  29. Interesting... by clone53421 · · Score: 3, Insightful

    It gives hex dumps of some of the commands. (Since some of them would obviously require arguments, they clearly can’t be full packets, but they’re signatures of each particular packet.)

    All of them follow this pattern:
    C2 E5 E5 E5 9E
    8 bytes that are different for each command
    C8
    4 bytes that vary
    C8 D1
    3 bytes that vary
    C8
    4 bytes that vary
    C8
    12 bytes that vary
    98 E5

    Graphing the sequences showed very obvious trends: Lots of values clustered in approximately the 155-170 range, and lots in the 200-220 range. Also, the 3-byte field that is different for every command has a different clustering pattern.

    XORing the patterns with 0-255 yielded the following at 229:
    '\0\0\0{98D958FC-D0A2-4f1c-B841-232AB357E7C8}\0
    '\0\0\0{F6C43E1A-1551-4000-A483-C361969AEC41}\0
    '\0\0\0{783EACBF-EF8B-498e-A059-F0B5BD12641E}\0
    '\0\0\0{EA7A2EB7-1E49-4d5f-B4D8-D6645B7440E3}\0
    '\0\0\0{E2AC5089-3820-43fe-8A4D-A7028FAD8C28}\0
    '\0\0\0{384EBE2C-F9EA-4f6b-94EF-C9D2DA58FD13}\0
    '\0\0\0{4F4F0D88-E715-4b1f-B311-61E530C2C8FC}\0

    Now, colour me surprised, but those look a damn awful lot like CLSIDs...

    VERY INTERESTING.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
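The decoding described in the comment above, as an added Python example that is not part of the original post: it XORs a signature with 229 (0xE5), repeats the 0-255 sweep to show that only that key yields a braced GUID-style string, and scans a captured payload for the seven identifiers listed above. The wire bytes are rebuilt from the decoded strings on this page, the sample payload is constructed, and reading the first four decoded bytes as a little-endian length is an assumption.

```python
import re

XOR_KEY = 229  # 0xE5, the key the comment above found by trying 0-255

# Command identifier strings exactly as decoded in the comment above.
KNOWN_COMMAND_IDS = (
    "{98D958FC-D0A2-4f1c-B841-232AB357E7C8}",
    "{F6C43E1A-1551-4000-A483-C361969AEC41}",
    "{783EACBF-EF8B-498e-A059-F0B5BD12641E}",
    "{EA7A2EB7-1E49-4d5f-B4D8-D6645B7440E3}",
    "{E2AC5089-3820-43fe-8A4D-A7028FAD8C28}",
    "{384EBE2C-F9EA-4f6b-94EF-C9D2DA58FD13}",
    "{4F4F0D88-E715-4b1f-B311-61E530C2C8FC}",
)

GUID_RE = re.compile(
    rb"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}"
    rb"-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)


def xor_bytes(data, key=XOR_KEY):
    """Single-byte XOR; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)


def wire_signature(command_id):
    """Rebuild the 43-byte on-the-wire signature from its decoded text."""
    plain = b"'\x00\x00\x00" + command_id.encode("ascii") + b"\x00"
    return xor_bytes(plain)


def candidate_keys(wire):
    """Repeat the 0-255 sweep: keys under which a braced GUID appears."""
    return [k for k in range(256) if GUID_RE.search(xor_bytes(wire, k))]


def decode_signature(wire):
    """Decode one signature; return None if it lacks the expected layout."""
    plain = xor_bytes(wire)
    header, body = plain[:4], plain[4:]
    match = GUID_RE.match(body)
    if match is None or body[match.end():match.end() + 1] != b"\x00":
        return None
    command_id = match.group().decode("ascii")
    return {
        "header": header.hex(),
        "id": command_id,
        "known": command_id in KNOWN_COMMAND_IDS,
        # Assumption: 0x27 = 39 is a length (38-char string plus NUL).
        "header_equals_length": int.from_bytes(header, "little")
        == len(command_id) + 1,
    }


def scan_payload(payload):
    """Return sorted (offset, id) pairs for known signatures in a payload."""
    hits = []
    for command_id in KNOWN_COMMAND_IDS:
        signature = wire_signature(command_id)
        offset = payload.find(signature)
        while offset != -1:
            hits.append((offset, command_id))
            offset = payload.find(signature, offset + 1)
    return sorted(hits)


# Constructed capture: two filler bytes, one signature, eight zero bytes.
SAMPLE_PAYLOAD = b"\x0d\x0a" + wire_signature(KNOWN_COMMAND_IDS[2]) + bytes(8)

if __name__ == "__main__":
    wire = wire_signature(KNOWN_COMMAND_IDS[0])
    print(wire.hex(" "))
    print(candidate_keys(wire), decode_signature(wire))
    print(scan_payload(SAMPLE_PAYLOAD))
```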
    1. Re:Interesting... by IICV · · Score: 1

      Now, colour me surprised, but those look a damn awful lot like CLSIDs...

      VERY INTERESTING.
      --
      I've just had an epiphany.

      Well? Don't just leave me hanging here man!

    2. Re:Interesting... by clone53421 · · Score: 1

      Apparently they look like class IDs, but they’re really just arbitrary strings that were chosen to identify its commands.

      My basic line of thinking was that if it was just getting class IDs to call, you could send it any class ID that you wanted. This guy told me otherwise, though.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    3. Re:Interesting... by clone53421 · · Score: 1

      Oh... and for more fun with class IDs, go here.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    4. Re:Interesting... by Animaether · · Score: 1

      Well you might as well provide more information on what the command identifiers are... Symantec does;
      http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software

    5. Re:Interesting... by clone53421 · · Score: 1

      Thanks for the link; I hadn’t seen that source.

      Yeah, it looks like they figured out a little more from probably disassembling and reverse engineering the trojan than I figured out from simply playing with the hex values from the network filters given here. (Actually, the Symantec page is linked to from that page... but I didn’t check it out.)

      All in all, it’s a really simplistic, primitive hack of a backdoor and it’s hard to believe it wasn’t found sooner. Especially since it had a bug that caused it to go into spinlock sometimes.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    6. Re:Interesting... by Anonymous Coward · · Score: 0

      Google those CLSIDs and you'll see that they are commands for the nefarious deeds the trojan does...

  30. Fucking communist! by BitHive · · Score: 2, Funny

    Look damnit, if the free market thought there was an advantage to doing things your way then we'd all be growing our own battery chargers on government plantations. You presume to tell American businesses how to optimize their production lines? Nonsense and tosh! If you want something done a particular way, do it yourself! Your elitist attitude makes me sick.

    1. Re:Fucking communist! by Opportunist · · Score: 1

      Hmmmm... being communists or being pwned by communists... decisions, decisions...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Fucking communist! by Sleepy · · Score: 1

      >Hmmmm... being communists or being pwned by communists... decisions, decisions...

      One could also point out the symbiotic relationship between China's Communist Government and America's Republican party.

      They both are so intertwined and interdependent that (at the top levels at least) there is no distinguishing them.

    3. Re:Fucking communist! by ItsJustAPseudonym · · Score: 1

      My gosh, you are right! They are both led by chairmen! It was obvious all along!

  31. Detect it with Nmap by iago-vL · · Score: 3, Informative

    I spent the morning reverse engineering the Trojan and wrote an Nmap script to detect if a remote system is infected. Hope it helps out: http://www.skullsecurity.org/blog/?p=563.

    Ron

    1. Re:Detect it with Nmap by clone53421 · · Score: 1

      Cool!

      I discovered its command sequences are actually obfuscated class IDs... which also seems like a cheap-and-easy trick, right in line with “pretty simple and isn’t packed”.

      I’m betting that you could send it any CLSID and it wouldn’t care... effectively making this backdoor much larger than the listed operations that could be requested (command execution, dir, write file, read file, nop, find file, “yes”, add run once, delete file). Perhaps since you’ve disassembled it, you could comment or shed further light on my hunch?

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
    2. Re:Detect it with Nmap by iago-vL · · Score: 2, Informative

      Yeah, the simple xor 'encryption' is pretty oldschool. I can't believe I didn't notice that right away myself. I didn't see it till I started looking at the send/recv functions.

      As to the CLSID, good thought, but no -- the CLSID isn't a real CLSID, it's just a way of identifying its own commands. Basically, it's a list of if (!strcmpi(command, "clsid1")) { do_this(); } else if (!strcmpi(command, "clsid2")) { do_that(); } etc.

      It only has those 9 or so CLSIDs included, and if it isn't on the list the command is simply discarded.

      And for what it's worth, the initial "'\x00\x00\x00" that you're seeing is a length (0x27 = the length of the CLSID = ').
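
The framing worked out in this thread (every byte XORed with 229, a length field of 0x27, then a brace-delimited identifier and a NUL), as an added example that is not part of any poster's comment or of the Nmap script: a Python check a defender could run over payloads captured from TCP port 7777. Reading the length as a 32-bit little-endian integer is an assumption drawn from the '\x00\x00\x00 bytes quoted above, the function names are hypothetical, and the sample frame is constructed from one identifier posted in the thread.

```python
import re
import struct

XOR_KEY = 229  # 0xE5, the single-byte key reported in the thread

# Shape of the identifiers quoted in the thread: {8-4-4-4-12 hex digits}
GUID_RE = re.compile(rb"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same call obfuscates and de-obfuscates."""
    return bytes(b ^ key for b in data)


def parse_frame(payload: bytes, key: int = XOR_KEY):
    """Return the identifier string if payload is one well-formed frame, else None.

    Assumed layout after XOR: 4-byte little-endian length, then `length`
    bytes consisting of the identifier followed by a terminating NUL.
    """
    if len(payload) < 4:
        return None
    plain = xor(payload, key)
    (length,) = struct.unpack_from("<I", plain, 0)
    body = plain[4:4 + length]
    # Reject truncated captures and bodies that are not NUL-terminated.
    if length < 1 or len(body) != length or body[-1] != 0:
        return None
    ident = body[:-1]
    if not GUID_RE.fullmatch(ident):
        return None
    return ident.decode("ascii")


def recover_key(payload: bytes):
    """Repeat the 0-255 sweep from the thread: keep keys that yield a valid frame."""
    return [k for k in range(256) if parse_frame(payload, k) is not None]


# Constructed sample: length 0x27 + one identifier from the thread + NUL, XORed with 229.
_PLAIN = b"\x27\x00\x00\x00" + b"{98D958FC-D0A2-4f1c-B841-232AB357E7C8}" + b"\x00"
SAMPLE = xor(_PLAIN, XOR_KEY)

if __name__ == "__main__":
    print("key candidates:", recover_key(SAMPLE))
    print("identifier:", parse_frame(SAMPLE))
    print("truncated capture:", parse_frame(SAMPLE[:20]))
    print("unrelated traffic:", parse_frame(b"GET / HTTP/1.1\r\n\r\n"))
```

A wrong key leaves non-zero bytes in the upper part of the length field, so the length check alone rejects every key except the right one on this sample.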

    3. Re:Detect it with Nmap by Anonymous Coward · · Score: 0

      Do you always put random names in the body of your post?

      John

      I do it too.

      Ed

      I figure it makes my posts more interesting to read in case people want to know what name I mention next.

      Bob

    4. Re:Detect it with Nmap by clone53421 · · Score: 1

      Ah. So if they really were just arbitrary strings... I wonder what the logic was behind making them look like class IDs?

      And for what it's worth, the initial "'\x00\x00\x00" that you're seeing is a length (0x27 = the length of the CLSID = ').

      Heh... yeah, I should have caught that. I wasn’t looking at the hex values of the decoded string...

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  32. Re:Purchasers should have known something was wron by Anonymous Coward · · Score: 0

    Who leaps out of the rabbit?

  33. It keeps on working... by woboyle · · Score: 1

    I think this device will go up on the shelf right next to my virus infected picture frame...

    --
    Sometimes, real fast is almost as good as real-time.
  34. Thump, Thump, Thump, Thump by magusxxx · · Score: 1

    Remember the commercial where the Energizer bunny is hooked to the UFO? That was Jeff Goldblum's idea.

    --
    Care killed the cat, but satisfaction brought it back.
  35. Re:The Most Serious BotNet by Anonymous Coward · · Score: 0

    "is Steve Ballmer. Enjoy. Yous In Redmond, KT"

    Haaa ... nice .. score +5: funny !!!!!!

  36. How does apple handle this? by Overzeetop · · Score: 1

    Does OSX not recognize and attempt to run the information on a newly inserted device based on the device content?

    --
    Is it just my observation, or are there way too many stupid people in the world?
    1. Re:How does apple handle this? by clone53421 · · Score: 1

      IIRC, the device just appears on the desktop. It’s up to you to open it and run whatever it contained.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  37. Scan for systems and exploit them using Metasploit by Anonymous Coward · · Score: 0

    The Metasploit Framework has been updated to include both a scanner and an exploit module for this trojan. You can find a rundown of how these modules work on the Metasploit Blog: http://blog.metasploit.com/2010/03/locate-and-exploit-energizer-trojan.html

    The "100% CPU" issue noted above is easy to trigger; the trojan is written poorly and closing the connection too soon leaves the process spinning. To solve this in Metasploit, we send the "nop" command prior to the disconnect.

  38. The USB charging specification... by msauve · · Score: 1

    states that "A Dedicated Charging Port is required to short the D+ line to the D- line."

    A USB hub obviously doesn't do that, so some devices won't charge off a lone hub.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:The USB charging specification... by clone53421 · · Score: 1

      It’d be easy enough to hack a USB cable to make this work. Short the data wires together on the device’s end, and leave them clipped on the hub’s side of the cable so they’re not connected to anything at all (open circuit).

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  39. Why by rossdee · · Score: 1, Redundant

    Why does a USB battery charger need software? I have a number of devices that just use the power from a USB port to charge, and they don't connect any other wirez apart from the power.

  40. Re:Purchasers should have known something was wron by singingjim1 · · Score: 0

    Oh. Um, I... look, if we built this large wooden badger...

  41. China by sexconker · · Score: 0

    This is what happens when you make everything in China.

  42. It keeps stealing.... by Dthief · · Score: 0

    and stealing....your info

    --
    www.RacquetUp.org - Helping Detroit Youth
  43. That doesn't work for all hubs by tepples · · Score: 1

    If an item just needs re-charging via USB I have been just plugging them into a powered USB hub.

    Not all self-powered USB hubs work as a PC-less charging station. I have one hub that gives power whenever it's plugged into the wall, and I have another that gives power only if it's plugged into both the wall and a host.

  44. I first contacted energizer by schallee · · Score: 1

    What's sadder is that I originally contacted energizer last year and was told

    "Thank you for your input. Your email has been forwarded to our software team for review."

    Energizer doesn't mention that part;) After auto responses and no updates I finally gave up and sent it to CERT instead.

  45. Alternatives by magus_melchior · · Score: 1

    There are always alternatives. Like this nifty thing that runs on 2 AA batteries and has no memory or software. Sure, you'll need to get an additional $40 or so of equipment (soldering iron, clamp), but like OSS and food you make from scratch, you know exactly what's going into it.

    And, for bonus points, you can expand this USB power supply with neat things like lithium-polymer batteries, USB charging, and even solar cells.

    --
    "We are Microsoft. You shall be assimilated. Competition is futile."
  46. Not the least surprised by WindBourne · · Score: 2, Insightful
    1. You have fools that run Windows.
    2. We have idiots that have sent all the work to China.
    3. We have fools that buy this junk and then will blame the crackers in China that are paid to do this, rather than blame themselves, or the companies that sent the work there in the first place.

    Personally, I would like to see some of these Windows ppl SUE Energizer and other companies for selling the products that infect their machines. Force them to pay out 10-100x what they made in profit. Once western companies realize the high costs of doing business there, then and only then will they stop.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  47. Not just the Energizer Duo...also the USB Charger by dtmcgregor · · Score: 1

    The link here's a bit misleading.

    There are at least two models of Energizer battery charger that use the same software...the Energizer USB charger, AND the Energizer Duo. They're pretty much the same apart from the colour, but the Duo includes a USB to wall socket adaptor allowing you to charge it from the wall, not just USB. The Energizer press release makes this clear, most of the reporting stories don't.

    Can someone please change the link to:

    "warned that software accompanying the Energizer DUO AND USB battery charger"

    Regards,

      - David.

  48. Do not use on Vista by Anonymous Coward · · Score: 0

    I know the parent said XP and 2K only - do not use on Vista.

    With Windows Vista, the NoDriveTypeAutoRun registry value actually has the opposite behavior than what Windows has documented. In other words, if you think that you have protected yourself by restricting AutoRun with this registry value, you have actually put yourself at additional risk. We have published details about this issue as US-CERT Vulnerability Note VU#889747. The end result here is that a user may inadvertently execute code by clicking on the icon for a device, such as a USB thumb drive.

    details here

  49. Re:Software?! - yes by Anonymous Coward · · Score: 0

    I'd hope to find some open source software that would monitor how the charging is doing under UNIX - no such luck yet.

  50. What post-national cyber "war" looks like. by SomePoorSchmuck · · Score: 1

    This is the kind of scenario I found myself thinking about when reading the "US Unable to Win a Cyber War" post from a couple weeks back. That exercise seemed such a shallow attempt to drum up public fear so we would gladly support an expanding Snoopocracy and spend a few trillion dollars on emerging venture projects from the military contractors who already control half the government. Imagine -- the government prints eleventy trillion dollars at its ever-busy dollar factory to pay for doubling the size of every alphabet-soup information awareness agency; meanwhile, a few million God-fearing citizens are going to Wal-Mart and actually PURCHASING malware...

    It's like, the biggest social engineering "hack" ever. And like all social engineering attacks (you could almost include the 9/11 attacks in this genre), the devastation comes from how a meatspace method simply, directly, and sometimes nearly effortlessly sidesteps an enormous byzantine technological/physical infrastructure to exploit a human weakness no one saw because we were all so busy admiring the size and thickness of our huge new fortress walls and battlements.

    --

    Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
  51. Re:usbcell by Anonymous Coward · · Score: 0

    Not to mention that you can charge more than one battery per USB port.

    I still agree with those who prefer a mains powered charger like the ones I have that do 4 AA or AAA batteries at a time but then again that's just me.

  52. Wait a minute by JumpDrive · · Score: 1

    We are pointing fingers at Chinese and Energizer for this.
    What I want to know is where were our army of nerds that are supposedly looking for these types of trojans or viruses and why did it take 2.5 years to find out about it?
    Surely some of the big companies selling us anti-virus and anti-trojans had some of their products on infected machines. Why weren't they able to catch on to this? I'd assume that some of them were using heuristic algorithms.
    What I would assume is that a lot of people saw the sign but didn't act on the problem (open 7777 ports)?
    But it also may be that this trojan didn't affect that many computers and that is why it wasn't seen for a long time.

    When someone complained about this software and reported it as a possible trojan/virus, this is the answer that was given in a "Windows User Group" in 2008:
    I found this DLL comes from Energizer USB Charger: http://www.energizer.com/usbcharger/language/english/download.aspx
    Aside from causing reported problems, this is not a trojan.

    So really looking at it, I see it as a failure of our community.

    Did snort ever detect an infected machine as having malicious activity?
    Why didn't we catch this sooner and how many more like this are out there?

    We have now given the recipe for having a non-detectable root-kit, use something that isn't going to be used by a lot of people and infect a small number of computers, use these as stations to infect others.

  53. WTF by Datamonstar · · Score: 1

    Why would you ever want to charge batteries through a USB port anyway? Last I heard, PCs require a handy-dandy AC socket connection to the power supply. Which means you could charge your batteries from there without having to install any software. Why would you ever need to install software to charge a battery? There's probably a light on it somewhere that can tell you when the battery is fully charged, but of course people want yet another icon on the task-bar and another app to start up in MSCONFIG and slow down their PC and conflict with other software mad dashing to load first. This is a stupid product to begin with, double win for it being taken off the market.

    --
    The eternal struggle of good vs. evil begins within one's self.
  54. Everyone throttle back for a minute... by wronskyMan · · Score: 2, Insightful

    The only reason the USB connection is needed is to provide the +5V power. At work, there were computers set to disable USB storage - and to report any attempts to the admins - since flashdrives etc were banned for these same security concerns. Had some small video cameras that needed recharging; 30 seconds with a pair of wire cutters and electrical tape resulted in a USB cable containing only the power and ground wires (no ability whatsoever for data to make it through). Sounds like this is what Energizer needs to do. There is no need for data transfer in a battery charger, and extra wires put in by a rogue factory are a lot easier to detect than malicious code.

    --
    --- You shall know the truth, and the truth shall make you mad- Neal (not Cowboy) Boortz
  55. Why I like asian girls by cavebison · · Score: 1

    Wonder where the device was made?

    The Chinese really seem to be into this backdoor stuff. rowwr.

  56. This news by Anonymous Coward · · Score: 0

    That is quite shocking.

  57. Detect it with Nmap, exploit with Metasploit by Fnord666 · · Score: 1

    I spent the morning reverse engineering the Trojan and wrote an Nmap script to detect if a remote system is infected.

    Looks like Metasploit has a payload module to go with this backdoor. Nifty!

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables