Energizer charger software plants trojan

There will be a few unhappy bunnies at Energizer HQ today as it emerges that the giant battery maker has included a malicious trojan in the monitoring software for one of its USB battery chargers.

The problem is so serious that the Feds have become involved, with the United States Computer Emergency Readiness Team (US-CERT) issuing a warning.

The Energizer Duo is a USB battery charger that comes with optional Windows software for viewing the charging state of the battery on-screen, and it's this software that carries the malware.

The installer places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it uses the UsbCharger.dll component for providing USB communication capabilities.

UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
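
The file and registry locations described above can be checked directly on a Windows machine. The PowerShell below is an added example, not code from US-CERT or Energizer; the SysWOW64 and WOW6432Node locations are an assumption covering 64-bit Windows, where writes from a 32-bit installer are redirected.

```powershell
# Defensive check for the persistence artefacts named in the article.
# The DLL name and the Run key path come from the article; the SysWOW64 and
# WOW6432Node locations are an added assumption for 64-bit Windows.

$dllName = 'Arucer.dll'

$dllPaths = @(
    (Join-Path $env:windir "System32\$dllName"),
    (Join-Path $env:windir "SysWOW64\$dllName")
)

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @()

# 1. Is the DLL present on disk?
foreach ($path in $dllPaths) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $file.FullName
            Detail   = "Created $($file.CreationTime), $($file.Length) bytes"
        }
    }
}

# 2. Does any Run value launch the DLL at startup?
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # -match is case-insensitive; Escape() keeps the dot literal
        if ($data -match [regex]::Escape($dllName)) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = "$key\$valueName"; Detail = $data
            }
        }
    }
}

if ($findings.Count -gt 0) { $findings | Format-List }
else { "No $dllName file or Run entry found." }
```

Run it from a 64-bit PowerShell session so that the System32 path is not itself redirected to SysWOW64.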

The malware allows unauthorised remote system access which will be picked up by firewalls in XP SP1 onwards, but allowing the executable to run will add the trojan to the firewall exceptions list.

An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.

Removing the software closes the backdoor as the trojan needs the executable to be running in order to work.

Energizer has discontinued the affected model, and removed the software from its web site, but has not issued a product recall, which means that the offending hardware could still be available from some retail outlets.