[ISN] Backdoor found in Energizer Duo USB battery charger

From: InfoSec News <alerts_at_private>
Date: Tue, 9 Mar 2010 10:49:58 -0600 (CST)
http://news.cnet.com/8301-27080_3-10465429-245.html

By Elinor Mills
InSecurity Complex
CNet News
March 8, 2010

Software that can be downloaded for use with the Energizer Duo USB 
battery charger contains a backdoor that could allow an attacker to 
remotely take control of a Windows-based PC, Energizer and US-CERT is 
warning.

"The installer for the Energizer Duo software places the file 
UsbCharger.dll in the application's directory and Arucer.dll in the 
Windows system32 directory," the U.S. Computer Emergency Readiness Team 
said in an advisory on Friday. "Arucer.dll is a backdoor that allows 
unauthorized remote system access via accepting connections on 7777/tcp. 
Its capabilities include the ability to list directories, send and 
receive files, and execute programs."

The Windows software was made available via a download with the 
Energizer Duo Charger, Model CHUSB, Energizer said in a statement.

The battery maker said it does not know how the Trojan got into the 
software. "Energizer has discontinued sale of this product and has 
removed the site to download the software," the statement said. 
"Energizer is currently working with both CERT and U.S. government 
officials to understand how the code was inserted in the software."

[...]


___________________________________________________________
Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
http://conference.hitb.org/hitbsecconf2010dxb/
Received on Tue Mar 09 2010 - 08:49:58 PST

This archive was generated by hypermail 2.2.0 : Tue Mar 09 2010 - 08:54:41 PST