Maker Pro
Maker Pro

Energizer USB Duo battery charger hides a Trojan

D

Don McKenzie

Energizer USB Duo battery charger hides a Trojan
March 9, 2010 by Lin Edwards

(PhysOrg.com) -- The Energizer Duo USB battery charger has been hiding a
backdoor Trojan in its software that affects computers using Windows.
According to Symantec the Trojan has probably been there since 10th May
2007.

Energizer has now taken the software for the model CHUSB charger off the
market and removed the site from which it could be downloaded, and the
company is asking customers who downloaded the Windows version to
uninstall it. There are easy steps to fight the Trojan in affected
machines, and Macintosh users are not affected.

http://www.physorg.com/news187335556.html

Cheers Don...


--
Don McKenzie

Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam

Product Sellout: 15% OFF 4DSystems OLED Displays & modules.
http://www.dontronics-shop.com/micro-oled.html
 
D

Don McKenzie

D said:
And *none* of the users who own this device have *ever* run
a virus scanner??

Makes you wonder, if Symantec said the Trojan has probably been there
since 10th May 2007, then why one of those customers that run virus
scanners, didn't report it to Energizer when they found it.

And if they did, why something wasn't done about it in 2007.

I saw them on the shelf recently and thought, I must get one of those.
Much better than carrying an ac charger around with my netbook gear.

Cheers Don...





--
Don McKenzie

Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam

Product Sellout: 15% OFF 4DSystems OLED Displays & modules.
http://www.dontronics-shop.com/micro-oled.html
 
D

D Yuniskis

Don said:
Energizer USB Duo battery charger hides a Trojan
March 9, 2010 by Lin Edwards

(PhysOrg.com) -- The Energizer Duo USB battery charger has been hiding a
backdoor Trojan in its software that affects computers using Windows.
According to Symantec the Trojan has probably been there since 10th May
2007.

Energizer has now taken the software for the model CHUSB charger off the
market and removed the site from which it could be downloaded, and the
company is asking customers who downloaded the Windows version to
uninstall it. There are easy steps to fight the Trojan in affected
machines, and Macintosh users are not affected.

http://www.physorg.com/news187335556.html

And *none* of the users who own this device have *ever* run
a virus scanner??
 
M

Mickel

D Yuniskis said:
And *none* of the users who own this device have *ever* run
a virus scanner??

*Surely* this trojan didn't actually do anything. If it started calling out
on port 7777 someone would have noticed.
 
D

D Yuniskis

Mickel said:
*Surely* this trojan didn't actually do anything. If it started calling out
on port 7777 someone would have noticed.

How do you know it calls *out* and doesn't just open 7777 and
*wait* for an incoming connection?

Regardless, a virus scan would/should have noticed the payload.
 
M

Mickel

D Yuniskis said:
How do you know it calls *out* and doesn't just open 7777 and
*wait* for an incoming connection?

Possibly but considering even basic home routers have nat these days it
wouldn't be very effective. So pretty much it would do nothing.
Regardless, a virus scan would/should have noticed the payload.

Why? Unless it is a know virus it's unlikely to get picked up.
 
P

Przemek Klosowski

And *none* of the users who own this device have *ever* run a virus
scanner??

A virus scanner only detects the viruses that match a known signature, or
which do something that it knows about. If the malware is stealthy enough
it won't be detected.
 
D

D Yuniskis

Mickel said:
Possibly but considering even basic home routers have nat these days it
wouldn't be very effective. So pretty much it would do nothing.


Why? Unless it is a know virus it's unlikely to get picked up.

In two years it remained hidden?
No one ever ran TCPview?
 
Top