> Backdoor found in Energizer DUO charger software
Grinler
post Mar 7 2010, 10:15 AM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 33,050
Joined: 24-January 04
From: USA
Member No.: 3



It appears that since 2007 Energizer has unknowingly been distributing a backdoor Trojan as part of their Energizer Duo software. The file Arucer.dll, which was thought to be a legitimate file used by their USB battery charger, was instead a backdoor Trojan that allowed remote access to an infected computer.

It has always been thought that the Arucer.dll was a legitimate file that allowed you to check the status of batteries inserted into the battery charger connected to your computer. Recently CERT has discovered that this file may instead be a backdoor Trojan that listens on port 7777 for commands from a remote location. A sample was also given to Symantec where they performed an analysis of it as well. They corroborated that the Arucer.dll was indeed a backdoor and that it was able to execute commands issued remotely. These commands could perform the following actions:

  • Download a file
  • Execute a file
  • Send a directory listing to the remote attacker
  • Send files to the remote attacker
  • Modify the following registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"svchost"

Since being alerted, Energizer has removed the software and issued a press release stating that a "vulnerability" has been found and that they have discontinued the product and offered software to uninstall the backdoor.

What I find alarming is that this is obviously a lapse in quality control by Energizer as they allowed this backdoor to be distributed in their software. Regardless of the reasons that this was allowed to happen, it is obvious that there was a serious lapse of quality control and code auditing in this product. What I find even more disturbing is that instead of owning up to the fact that they were distributing an infection, they instead state it was a vulnerability. A vulnerability is a problem in the code of a program that could cause a security issue. It is not a file that was purposely designed to be a backdoor. This is not the first time that we have seen a company distributing infections and downplaying their significance. For example, Maxtor was selling the Maxtor Basics Personal Storage 3200 hard drive that contained an Autorun Worm. In their security alert they trivialized this by stating "The effects of this virus are minimal." The fact that companies diminish the significance of these issues is not only wrong but is also insulting to their customers.

To remove this backdoor, simply uninstall the Energizer Duo software and reboot your computer. You will then be able to remove the C:\Windows\System32\arucer.dll file from your computer. If you run into difficulties removing this file, feel free to ask for help in the forums.




--------------------
Lawrence
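
A read-only check for the three indicators named in the post above (the arucer.dll file, a listener on TCP port 7777, and the RunOnce value "svchost"), added here as an example and not part of the original post. The SysWOW64 path is an assumption for 64-bit Windows, the function name is hypothetical, and a listener on port 7777 alone is not conclusive because other software can use that port.

```powershell
# Added example: looks for the Arucer indicators described in the post.
# It only reads state; nothing on the system is changed or removed.

$dllPaths  = @(
    'C:\Windows\System32\arucer.dll',   # path given in the post
    'C:\Windows\SysWOW64\arucer.dll'    # assumption: 32-bit install on 64-bit Windows
)
$port      = 7777                        # listening port given in the post
$runOnce   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
$valueName = 'svchost'                   # value name given in the post

function Test-ArucerIndicators {
    $findings = @()

    # 1. The DLL on disk, with a hash for comparison against vendor write-ups.
    foreach ($path in $dllPaths) {
        if (Test-Path -LiteralPath $path) {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += "File present: $path (SHA256 $hash)"
        }
    }

    # 2. Any process listening on TCP 7777, with its owner for triage.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        $findings += "Listener on $($l.LocalAddress):$port, PID $($l.OwningProcess) ($($proc.ProcessName))"
    }

    # 3. The RunOnce value the backdoor is reported to modify.
    $item = Get-ItemProperty -Path $runOnce -Name $valueName -ErrorAction SilentlyContinue
    if ($item) {
        $findings += "RunOnce value '$valueName' = $($item.$valueName)"
    }

    return $findings
}

$hits = @(Test-ArucerIndicators)
if ($hits.Count -eq 0) { 'No Arucer indicators found.' } else { $hits }
```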
Travito
post Mar 7 2010, 12:39 PM
Post #2


Member
**

Group: Members
Posts: 60
Joined: 17-February 06
From: Kentucky, USA
Member No.: 55,587



That's insane. Shame on them for how they're handling it in regards to brushing it off as not a problem. I wonder who's behind it? Disgruntled employee perhaps?


--------------------


"Travito", MCTS
carri
post Mar 7 2010, 02:19 PM
Post #3


Forum Regular
***

Group: Members
Posts: 226
Joined: 2-October 07
From: Yorkshire, England
Member No.: 160,367



That's just alarming and wrong! Shaaaame on Energizer. Energizer just lost my trust and custom.


--------------------

Hug someone today and get on their nerves!
matt3
post Mar 8 2010, 04:23 PM
Post #4


Member
**

Group: Members
Posts: 113
Joined: 11-January 10
Member No.: 433,133



spam_laser.gif
this is all they can say poster_oops.gif
xblindx
post Mar 8 2010, 06:32 PM
Post #5


Forum Addict

Group: Banned
Posts: 1,923
Joined: 21-September 08
From: NeverLand
Member No.: 240,362



Way to go Energizer!


--------------------

Please help people in need for free by visiting Free Rice
Increase the security of your computer by using SpywareBlaster
Recommended Firefox Addons
Currently enrolled at Geek University
Snuupy
post Mar 8 2010, 11:00 PM
Post #6


New Member
*

Group: Members
Posts: 5
Joined: 5-March 10
Member No.: 464,919



Wow, that's just epic fail....

aren't people ranting2.gif
keyboardNinja
post Mar 9 2010, 10:02 PM
Post #7


Bleepin' Ninja
******

Group: BC Advisor
Posts: 2,656
Joined: 19-December 09
Member No.: 420,597



Wow. Good job, Energizer!


--------------------
Sorry I've been away again, guys and gals. You know how busy life can get. :)
legacy9x
post Mar 11 2010, 05:16 PM
Post #8


New Member
*

Group: Members
Posts: 11
Joined: 11-March 10
Member No.: 468,676



Wow that is unbelievable.. To think.. I mean you could buy software from Walmart, regardless of what it is and even if your antivirus detects it as a trojan or whatever, you'll be like "aww my antivirus, so clumsy!!"

At least me, in my own person I would have never thought this could be possible.
rustyarky
post Mar 14 2010, 09:55 PM
Post #9


New Member
*

Group: Members
Posts: 2
Joined: 11-March 10
From: among flora & fauna
Member No.: 468,875






Will they ever release information of who was behind it?
Rocky Murray
post Mar 21 2010, 07:03 PM
Post #10


New Member
*

Group: Members
Posts: 1
Joined: 21-March 10
Member No.: 474,255



My girlfriend uses Energizer batteries for her 'personal massager'. Is there any chance of her transmitting this to me? I'm running a Malwarebytes scan on her now, I'll be very disappointed if Energizer successfully backdoored my girl.

Layback Bear
post Apr 18 2010, 09:13 AM
Post #11


Forum Addict
******

Group: Members
Posts: 1,231
Joined: 12-September 06
From: Northern Ohio
Member No.: 85,011



This Energizer thing makes me wonder what else one might plug into a computer that could have this type of program, i.e. printers/scanners, sound systems, phone cards, photo cards. How would someone check for this?