Backdoor found in Energizer DUO charger software



#1 Grinler


Posted 07 March 2010 - 10:15 AM

It appears that since 2007 Energizer has unknowingly been distributing a backdoor Trojan as part of their Energizer Duo software. The file Arucer.dll, which was thought to be a legitimate file used by their USB battery charger, was instead a backdoor Trojan that allowed remote access to an infected computer.

It has always been thought that the Arucer.dll was a legitimate file that allowed you to check the status of batteries inserted into the battery charger connected to your computer. Recently CERT has discovered that this file may instead be a backdoor Trojan that listens on port 7777 for commands from a remote location. A sample was also given to Symantec, where they performed an analysis of it as well. They corroborated that the Arucer.dll was indeed a backdoor and that it was able to execute commands issued remotely. These commands could perform the following actions:

  • Download a file
  • Execute a file
  • Send a directory listing to the remote attacker
  • Send files to the remote attacker
  • Modify the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"svchost"

Since being alerted, Energizer has removed the software and issued a press release stating that a "vulnerability" has been found and that they have discontinued the product and offered software to uninstall the backdoor.

What I find alarming is that this is obviously a lapse in quality control by Energizer as they allowed this backdoor to be distributed in their software. Regardless of the reasons that this was allowed to happen, it is obvious that there was a serious lapse of quality control and code auditing in this product. What I find even more disturbing is that instead of owning up to the fact that they were distributing an infection, they instead state it was a vulnerability. A vulnerability is a problem in the code of a program that could cause a security issue. It is not a file that was purposely designed to be a backdoor. This is not the first time that we have seen a company distributing infections and downplaying their significance. For example, Maxtor was selling the Maxtor Basics Personal Storage 3200 hard drive that contained an Autorun Worm. In their security alert they trivialized this by stating "The effects of this virus are minimal." The fact that companies diminish the significance of these issues is not only wrong but is also insulting to their customers.

To remove this backdoor, simply uninstall the Energizer Duo software and reboot your computer. You will then be able to remove the C:\Windows\System32\arucer.dll file from your computer. If you run into difficulties removing this file, feel free to ask for help in the forums.
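
The indicators named in the post above (the arucer.dll file, a listener on port 7777 and the RunOnce "svchost" value) can be checked on a Windows host with the following read-only PowerShell. This is an added example, not part of the original post and not Energizer's removal tool; the function name and the extra SysWOW64 path are assumptions made for illustration.

```powershell
# Added example (not from the original post): read-only check for the
# indicators the post names. Makes no changes to the host.
function Test-ArucerIndicators {
    [CmdletBinding()]
    param(
        # System32 path is from the post; SysWOW64 is an added assumption for
        # 32-bit software on 64-bit Windows, where System32 is redirected.
        [string[]]$DllPath = @(
            (Join-Path $env:SystemRoot 'System32\arucer.dll'),
            (Join-Path $env:SystemRoot 'SysWOW64\arucer.dll')
        ),
        [int]$Port = 7777,
        [string]$RunOncePath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        [string]$ValueName = 'svchost'
    )

    # 1. The DLL on disk, with a hash so the copy can be compared with a vendor report.
    foreach ($path in $DllPath) {
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Indicator = 'File'; Detail = "$path SHA256=$hash" }
        }
    }

    # 2. Anything listening on the TCP port, and the process that owns the socket.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Indicator = 'Listener'
            Detail    = "$($l.LocalAddress):$Port PID=$($l.OwningProcess) ($($proc.ProcessName))"
        }
    }

    # 3. The RunOnce value the post lists.
    $run = Get-ItemProperty -LiteralPath $RunOncePath -Name $ValueName -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Indicator = 'Registry'; Detail = "$RunOncePath\$ValueName = $($run.$ValueName)" }
    }
}

$found = @(Test-ArucerIndicators)
if ($found.Count -eq 0) { 'No Arucer indicators found.' } else { $found | Format-List }
```

A listener on port 7777 alone is not conclusive, since other software can use that port; the file together with the listener is the stronger signal.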






#2 Travito


Posted 07 March 2010 - 12:39 PM

That's insane. Shame on them for how they're handling it in regards to brushing it off as not a problem. I wonder who's behind it? Disgruntled employee perhaps?

#3 carri


Posted 07 March 2010 - 02:19 PM

:thumbsup: That's just alarming and wrong! Shaaaame on Energizer :flowers: Energizer just lost my trust and custom.
Hug someone today and get on their nerves!

#4 matt3


Posted 08 March 2010 - 04:23 PM

:flowers:
this is all they can say :thumbsup:

#5 xblindx


Posted 08 March 2010 - 06:32 PM

Way to go Energizer! :thumbsup:

#6 Snuupy


Posted 08 March 2010 - 11:00 PM

Wow, that's just epic fail.... :flowers:

aren't people :thumbsup:

#7 keyboardNinja


Posted 09 March 2010 - 10:02 PM

Wow. Good job, Energizer! :thumbsup:
PICNIC - Problem In Chair, Not In Computer


20 Things I Learned About Browsers and the Web

#8 legacy9x


Posted 11 March 2010 - 05:16 PM

Wow, that is unbelievable.. To think.. I mean you could buy software from Walmart, regardless of what it is, and even if your antivirus detects it as a trojan or whatever, you'll be like "aww my antivirus, so clumsy!!"

At least me, in my own person I would have never thought this could be possible.

#9 rustyarky


Posted 14 March 2010 - 09:55 PM

Will they ever release information of who was behind it?

#10 Rocky Murray


Posted 21 March 2010 - 07:03 PM

My girlfriend uses Energizer batteries for her 'personal massager'. Is there any chance of her transmitting this to me? I'm running a Malwarebytes scan on her now, I'll be very disappointed if Energizer successfully backdoored my girl. :thumbsup:

#11 Layback Bear


Posted 18 April 2010 - 09:13 AM

This Energizer thing makes me wonder what else one might plug into a computer could have this type of program, i.e. printers/scanners, sound systems, phone cards, photo cards. How would someone check for this?



