Energizer USB Charger Software Contains Malware
US-CERT researchers said Friday that the software installed with the Energizer charger contains a Trojan horse that gives malicious hackers a backdoor into Windows machines.
"An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user," US-CERT said. "Removing the Energizer USB charger software will also remove the registry value that causes the backdoor to execute automatically when Windows starts."
Although the fix seems relatively easy for consumers who are aware they have been infected, the path of infection was just as straightforward. Rob Enderle, principal analyst at the Enderle Group, said consumers were probably not expecting the Energizer software to carry a malicious payload.
"Typically in a Windows 7 or even a Windows Vista install, if you mess around with ports you should get a warning," Enderle said. "Because consumers got the software from a trusted source, chances are you'll bypass the warning and go ahead and install it because you think you are only installing the battery monitor. This is a nasty piece of work."
Enderle questioned the origin of the software, noting that Trojans seem to make their way into programs when the software is developed outside the U.S. Chances are, he said, the software was developed in China or some other foreign country.
Symantec also investigated the Energizer malware and discovered that the Trojan listens for commands on port 7777. That by itself is not so unusual, the company said, but Symantec researchers were surprised that...