Energizer USB Battery Charger Injects PCs with Malware

Dennis Faas

Symantec researchers have discovered that the software accompanying Energizer's DUO battery charger may have been injecting PCs with malware since May 2007. Energizer has recently discontinued the product, but for those who've already purchased the charger, it's important they know a workaround for the problem.

Trojan Creation Date Not Known

According to Symantec Global Intelligence Network director Dean Turner, it's tough to tell if the Trojan has been kicking around the full three years.

"It's really impossible to say for sure that this Trojan has always been in the USB charger-monitoring software, but the creation date in the Trojan binary's header indeed states that it was created back in May 2007," Turner said.

"This would imply that the Trojan was most likely created back in 2007; however, there is a possibility that the time and date were set wrong on the computer that was used when the binary source files were compiled."

Energizer, which discontinued the product last week, has not announced how the backdoor Trojan ended up in software for its USB device. Experts speculate that hackers somehow infected the product before or after it hit retail shelves.

In 2009, security researchers at Kaspersky Lab discovered malware running on a new M&A Companion Touch netbook the company had acquired in order to run compatibility testing. (Source: neoseeker.com)

How the Arucer.DLL Trojan Works

Installing the Energizer DUO software places several .DLL files in the Windows System32 directory.

One .DLL file, named "USBcharger.dll," is fine, but it executes another, Arucer.dll, which is a backdoor that could allow a hacker to gain unauthorized remote access to a PC via its TCP port 7777 (over an Internet connection).

"An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs," said a U.S. CERT advisory. "The backdoor operates with the privileges of the logged-on user." (Source: eweek.com)

How to Remove or Block Arucer.DLL Trojan

What are the options for fixing the problem? Users can try entering the Windows System32 directory, deleting the Arucer.dll file and then restarting their system. They could also completely remove Energizer's USB Charger software, which would also remove the Arucer.dll file. Finally, there's the option of blocking port 7777, making it impossible for hackers to access the backdoor.
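The checks and fixes described above can be scripted. The following is an added example, not code from Energizer, Symantec or US-CERT. It assumes Windows 8 / Server 2012 or later (for the NetTCPIP and NetSecurity cmdlets) and an elevated PowerShell prompt; the `-Remediate` switch and the firewall rule name are choices made for this example.

```powershell
# Audit a PC for the indicators named in the article: Arucer.dll and a listener on TCP 7777.
# Run with -Remediate to also block the port and try to delete the file.
param([switch]$Remediate)

$port = 7777

# The article names System32. SysWOW64 is checked too, on the assumption that the
# installer is 32-bit: Windows redirects 32-bit writes to System32 on 64-bit systems.
$candidates = @(
    (Join-Path $env:SystemRoot 'System32\Arucer.dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\Arucer.dll')
)
$found = @($candidates | Where-Object { Test-Path -LiteralPath $_ })

if ($found.Count -gt 0) { $found | ForEach-Object { Write-Warning "Found $_" } }
else { Write-Output 'Arucer.dll not found.' }

# A listener on 7777 is only a lead: other software may use the same port,
# so report the owning process for review rather than treating it as proof.
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $l.LocalAddress
        LocalPort    = $l.LocalPort
        OwningPid    = $l.OwningProcess
        Process      = $proc.ProcessName
    }
}
if ($listeners.Count -eq 0) { Write-Output "Nothing is listening on TCP $port." }

if ($Remediate) {
    # Block inbound connections to the backdoor port (idempotent).
    $ruleName = 'Block inbound TCP 7777 (Arucer backdoor)'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $port -Action Block | Out-Null
    }
    # Deleting fails while the DLL is loaded; the article's other option then applies.
    foreach ($path in $found) {
        try { Remove-Item -LiteralPath $path -Force -ErrorAction Stop; Write-Output "Deleted $path" }
        catch { Write-Warning "Could not delete $path. Uninstall the charger software, restart, and re-run." }
    }
    Write-Output 'Restart the system to finish the cleanup.'
}
```

Run it once without the switch to see what is present, and again after the restart to confirm the file and the listener are gone.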
