
Showing posts with label trojan. Show all posts

Monday, March 08, 2010

Energizer USB Charger contains trojan!

In the most innocent places, we always find them. Trojans. Sometimes you start to wonder if it was intentional. First, they appeared on Seagate drives, then in some other USB music players (from more than one company), and now even in an innocent-looking USB battery charger from Energizer.

The trojan is in a file, arucer.dll, which is installed into the system32 directory. It basically listens on port 7777 and performs information leakage, Windows registry modification, and downloading and executing of files (sounds like a LiveUpdate to me).

So, who planted it? This is a good question that I suppose CERT and Symantec will be spending the next few sleepless weeks on. In any case, the software has been pulled (the Windows version anyway. Who wants to bet that there is a trojan in the Mac version as well?), so if you have installed any of that software, I strongly suggest you uninstall it and look out for arucer.dll in your system32 directory.
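The check suggested above can be scripted. The following PowerShell is an added example, not part of the original post or of any vendor tooling; it uses only the two indicators named in the post (the file name arucer.dll and TCP port 7777) and assumes a Windows version that provides `Get-NetTCPConnection`. It also looks in SysWOW64, because on 64-bit Windows a 32-bit installer writing to system32 is redirected there.

```powershell
# Added example: host check for the indicators named in the post
# (arucer.dll in the system directory, a listener on TCP 7777).
$DllName = 'arucer.dll'   # file name taken from the post
$Port    = 7777           # port taken from the post

# 32-bit installers on 64-bit Windows are redirected to SysWOW64,
# so check both system directories if they exist.
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
    Where-Object { Test-Path $_ }

# -Force includes hidden and system files.
$files = foreach ($d in $dirs) {
    Get-ChildItem -Path $d -Filter $DllName -Force -ErrorAction SilentlyContinue
}

# Listening sockets on the port, with the owning process resolved.
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            PID          = $_.OwningProcess
            Process      = $p.ProcessName
            Path         = $p.Path
        }
    }

# Processes that currently have the DLL loaded. Protected processes
# may refuse module enumeration, so failures count as "not loaded".
$loaded = Get-Process | Where-Object {
    try { $_.Modules.ModuleName -contains $DllName } catch { $false }
}

if ($files -or $listeners -or $loaded) {
    Write-Warning "Indicators found; review the details below."
    $files     | Select-Object FullName, Length, LastWriteTime
    $listeners                      # a 7777 listener alone may be a legitimate app
    $loaded    | Select-Object Id, ProcessName
} else {
    "No $DllName in the system directories and no listener on TCP $Port."
}
```

Run it from an elevated prompt so that module enumeration and process paths are not hidden by access restrictions.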

The full story:

http://www.computerworld.com/s/article/9166978/Energizer_Bunny_s_software_infects_PCs?source=rss_security

Updated CERT Report:

http://www.kb.cert.org/vuls/id/154421


Tuesday, January 01, 2008

RPC Shutdown at Shanghai Pudong Airport


It's a pretty big and fantastic airport. One strange thing is that the shops are "mirrored". You have them at both ends, so you need not travel from one end to the other to buy something... There is the same shop on your side too. That, I must say, we don't do here. Any way we see it, it's a waste of money due to unnecessary resources.

However, one particular thing was really "funny". Despite all the advancement, the following happened :



For those who do not know what's going on, this is a typical RPC exploitation. It causes the computer to shut down. Usually it's related to a port 137 attack or a malware infection. There is a quick way to override this by running `shutdown -a` at a command prompt as admin. However, we can clearly see this happening to 4 of the 6 screens running the airport flight schedule. Here is a bigger picture:

Well, it rebooted into Windows 2000 Pro with an auto-login account and reran the program. It's probably not affecting the system, but who knows what sort of stuff is on these computers, or whether they are even 0wnzed to attack other systems.

Well, I think the airport system is due for a security audit. :)

Tuesday, May 15, 2007

CitiBank. HSBC Virtual Keyboard

Back in Aug 2005, I posted:
http://www.cerberus-network.com/Home/tabid/63/ctl/Details/mid/397/ItemID/9/Default.aspx

But still you see people posting this today.
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=23133&mode=thread&order=0&thold=0

Nothing has changed, other than the fact that most keyloggers have "upgraded" themselves and are able to handle the virtual keyboard nowadays.

How about trying something else? Like audio? It would be handicap-friendly as well?


Copyright © 2008 nemesisv.blogspot.com, All rights reserved.