The trojan lives in a file, arucer.dll, which is installed into the system32 directory. It basically listens on port 7777 and offers information leakage, Windows registry modification, and download-and-execute of files (sounds like a liveupdate to me).
So, who planted it? This is a good question I suppose CERT and Symantec will be spending the next few sleepless weeks on. In any case, the software has been pulled (the Windows version, anyway. Who wants to bet that there is a trojan in the Mac version as well?), so if you had installed any of this software, I strongly suggest you uninstall it and look out for arucer.dll in your system32 directory.
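A host check for the two indicators named above (the DLL in System32 and a listener on TCP 7777), written as an added example for this post, not code from the original or from CERT/Symantec; it assumes Windows 8/Server 2012 or later for Get-NetTCPConnection and an elevated session so process modules can be read:

```powershell
# Added example: look for the indicators described above on the local host.
# Assumes an elevated session; the DLL path and port come from the post itself.
$dllPath  = Join-Path $env:SystemRoot 'System32\arucer.dll'
$port     = 7777
$findings = @()

# 1. Is arucer.dll present in System32? Record size and hash for the report.
if (Test-Path -LiteralPath $dllPath) {
    $file = Get-Item -LiteralPath $dllPath
    $hash = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash
    $findings += "File present: $dllPath (size $($file.Length) bytes, SHA256 $hash)"
}

# 2. Is anything listening on TCP 7777, and which process owns the socket?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Listener on $($l.LocalAddress):$port owned by PID $($l.OwningProcess) ($($proc.ProcessName), $($proc.Path))"
}

# 3. Does any running process have the DLL loaded? (A copy could be loaded
#    from elsewhere, so this catches a renamed-path variant the file check misses.)
foreach ($p in Get-Process) {
    try {
        # -contains is case-insensitive, matching Windows path semantics.
        if ($p.Modules.FileName -contains $dllPath) {
            $findings += "arucer.dll loaded in PID $($p.Id) ($($p.ProcessName))"
        }
    } catch {
        # Access denied on protected/system processes; skip them.
    }
}

# 4. Report. Treat any hit as a reason to isolate the host and pull the file for analysis.
if ($findings.Count -eq 0) {
    Write-Output "No arucer.dll / port $port indicators found on $env:COMPUTERNAME"
} else {
    Write-Warning "Possible arucer.dll trojan indicators on ${env:COMPUTERNAME}:"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

The listener check runs before the module scan so a positive on the port is reported even on hosts where most processes refuse module enumeration.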
The full story:
Updated CERT Report:
http://www.kb.cert.org/vuls/id/154421
1 comment:
In case you still do not think it's exploitable, there is now a Metasploit plugin which allows you to scan your whole network for these devices (and exploit them):
http://blog.metasploit.com/2010/03/locate-and-exploit-energizer-trojan.html