Slashdot Mirror

← Back to Stories (view on slashdot.org)

Energizer USB Battery Charger Software Infects PCs

Posted by Soulskill on from the bad-bunny dept.

swandives writes "Researchers at US-CERT have warned that software accompanying the Energizer DUO USB battery charger contains a Trojan that gives hackers total access to a Windows PC. The product was sold in the US, Latin America, Europe and Asia starting in 2007. Upon installation, the software creates the file 'Arucer.dll,' a Trojan that listens for commands on TCP port 7777. Upon receiving instructions, the Trojan can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. Uninstalling the software disables the automatic execution of the Trojan. Users can also remove Arucer.dll from Windows' system32 directory and reboot the machine to disable the backdoor component."

9 of 260 comments (clear)

  1. Near Anagram for Duracell by eldavojohn · · Score: 5, Funny

    Interesting that Arucer.dll is (aside from an extra 'r') an anagram for Energizer's competitor Duracell. Perhaps the authors of the software thought Duracell was spelled 'Durracell'? And perhaps they decided to pick an anagram of the competitor to make it look as though Duracell is behind this?

    --
    My work here is dung.
    1. Re:Near Anagram for Duracell by Anne_Nonymous · · Score: 5, Funny

      The should all be charged with assaulting battery!

      -rimshot-

    2. Re:Near Anagram for Duracell by multisync · · Score: 5, Insightful

      you think the Term 'hacker' and the term 'criminal' are mutually exclusive?

      No, but neither are the terms "accountant" and "embezzler," or "journalist" and "liar," or "priest" and "pedophile."

      The problem with using the term "hacker" is as soon as you throw that term in to the conversation, it takes the spotlight off of the party that is actually responsible.

      So Sony puts a root kit on your machine that could allow "hackers" to get control of it, it's those damn "hackers" who are the problem, not Sony. Perhaps not the best example to give, since Sony was heavily criticized for their actions (at least on Slashdot); but how many times have we seen stories about public servants losing laptops full of unencrypted information reported as "hackers could be accessing your private information."

      The problem isn't some mythical "black hat" pounding furiously away at the keyboard as graphic images swirl around his head, it's that companies and government agencies are not taking due care with people private information, and frequently take liberties with their customers' property that would be considered criminal if it was your physical property they were abusing. Invoking the phrase "hacker" let's the real parties who are responsible off the hook.

      In this case, I would be interested in knowing why Energizer has no idea how this trojan got in to their charger in the first place, and whether it was truly the work of a nefarious black hat, or a misguided attempt by the company to keep tabs on how customers are using their product.

      Who knows, but as long as the focus is on "hackers" exploiting this trojan, rather than how it got bundled with the charger in the first place, it's unlikely we'll get the real story, or that the people who were really responsible will face any consequences.

      --
      I don't care why you're posting AC
  2. This Trojan by retardpicnic · · Score: 5, Funny

    just keeps going....and going...and going....

    --
    sig loading.......
  3. Purchasers should have known something was wrong by jlowery · · Score: 5, Funny

    if only because of the giant wooden Energizer Bunny on the packaging.

    --
    If you post it, they will read.
  4. Re:A clean uninstaller? wow! by kseise · · Score: 5, Funny

    Ubuntu does not equal Linux. Come on man! You probably have to wait for it to be packaged upstream. Besides, a DLL is a LIBRARY file. You should be looking for lib-arucer or something similar like waffles, or whatever the developer felt like naming it. If that doesn't work, try x-arucer, or switch to Gentoo. I am sure they can get it.

    PS- Wine might run it, but you will probably need a patch. Try Cedega or Play-On-Linux, or qemu or dosbox.

  5. Re:Outsourcing / QA / Negligence by vlm · · Score: 5, Interesting

    You're assuming they didn't outsource engineering, QA, security, and testing.

    You have the olden days idea, that China only manufactures.

    I would not be surprised to learn Energizer-USA in 2010 is no more than an overpriced CEO and some marketing folks.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  6. Re:An AutoStart Fix for Windows XP and W2K by Sir_Lewk · · Score: 5, Funny

    It's things like this that just go to show why windows will never be ready for the desktop.

    --
    "linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
  7. Re:Just wait until... by ascari · · Score: 5, Funny

    Toyota: Just keeps going, and going, and going?