Energizer and US-CERT report that a backdoor has been found on USB battery chargers that could allow an attacker to gain remote access to and take control of Windows-based PCs. From the US-CERT advisory, "Energizer DUO USB battery charger software allows unauthorized remote system access":
Overview
The software included with the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.
I. Description
Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been available on the Energizer website. The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.
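A read-only check for the artifacts the advisory excerpt names, added here as an example (it is not part of the US-CERT advisory or of Energizer's guidance). The SysWOW64 directory and the WOW6432Node registry view are assumptions to cover 64-bit Windows; the Run value name is not given above, so every value is scanned.

```powershell
# Added example: look for Arucer.dll on disk, in the HKLM Run key, and in
# running rundll32.exe processes. Reports findings only; changes nothing.
$dllName  = 'Arucer.dll'
$pattern  = [regex]::Escape($dllName)
$findings = @()

# 1. The DLL in the Windows system directory.
#    SysWOW64 is an assumption (32-bit installer on 64-bit Windows).
foreach ($dir in "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") {
    $path = Join-Path $dir $dllName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $file = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type = 'File'; Location = $file.FullName
            Detail = "Size=$($file.Length) LastWrite=$($file.LastWriteTime)"
        }
    }
}

# 2. Any Run value whose data references the DLL.
#    The WOW6432Node path is an assumption (32-bit registry view).
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{
                Type = 'RunValue'; Location = "$key\$name"; Detail = $data
            }
        }
    }
}

# 3. A rundll32.exe process currently hosting the DLL.
Get-CimInstance Win32_Process -Filter "Name='rundll32.exe'" |
    Where-Object { $_.CommandLine -match $pattern } |
    ForEach-Object {
        $findings += [pscustomobject]@{
            Type = 'Process'; Location = "PID $($_.ProcessId)"; Detail = $_.CommandLine
        }
    }

if ($findings.Count -eq 0) { Write-Output "No $dllName artifacts found." }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated 64-bit PowerShell session so both registry views and other users' process command lines are visible.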
Elinor Mills of CNET writes further:
The Trojan may have been in the software since it was first offered three years ago, according to Symantec.
"We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so," Symantec wrote in a blog post. "The Trojan still operates whether this device is found or not, so a USB charger doesn't need to be plugged in for the Trojan to be functioning."
A battery charger that may have been compromising PCs for 3 years is not comforting. What new malware discoveries await us?