News: Energizer Duo USB Battery Charger with free trojan!
by Ted Mc from BlindMind.net, 9 Mar 2010
Energizer Value-Add Gone Bad?
USB gadgets and devices have become so popular and so cheap, ranging from digital keychain photo frames to USB coffee mug warmers & coolers, that they seem to be continually competing to offer more features to entice you into that impulse buy at the sales counter for an additional $9.95.
One Energizer USB Battery Charger, the Duo, was likely just trying to make its product stand out from the dozens of other USB battery chargers, when they decided its installation disc would offer user the option to download additional software to see charging status information on the PC screen.
What Energizer didn't intend, was the added bonus of that software installing a trojan virus that would open a back door on the users system, allowing hackers control over the entire computer.
CERT, a leading anti-virus research organization, reported the exploit to the company, who have now taken the software offline, preventing any more users from being able to download it.
This product was released in 2007, and Symantec, who recently looked into it, advises it's likely that the trojan has been implanted on any computers who chose to download the supplemental software when they bought the USB device since that time.
How could this happen?
There were a rash of USB devices that ended up on U.S. stores in 2007, whose software was designed and shipped from China, that contained trojan horse viruses. The source of the infections turned out to be infected computers at the company's shipping site who were responsible for duplicating the installation CD's that go with USB devices. It is speculated that the Energizer Duo's software problem is another victim of outsourced companies using infected computers to get products ready for shipment.
So what now?
To sum up, if you own this device, and told the installer to download the additional software, remove it immediately, ensure your virus definitions are up to date, and do a full system scan. If you haven't downloaded/installed the supplemental software during install of your USB battery charger, you can continue to use the hardware safely, and without risk of infection.
Energizer Value-Add Gone Bad?
USB gadgets and devices have become so popular and so cheap, ranging from digital keychain photo frames to USB coffee mug warmers & coolers, that they seem to be continually competing to offer more features to entice you into that impulse buy at the sales counter for an additional $9.95.
One Energizer USB Battery Charger, the Duo, was likely just trying to make its product stand out from the dozens of other USB battery chargers, when they decided its installation disc would offer user the option to download additional software to see charging status information on the PC screen.
What Energizer didn't intend, was the added bonus of that software installing a trojan virus that would open a back door on the users system, allowing hackers control over the entire computer.
CERT, a leading anti-virus research organization, reported the exploit to the company, who have now taken the software offline, preventing any more users from being able to download it.
This product was released in 2007, and Symantec, who recently looked into it, advises it's likely that the trojan has been implanted on any computers who chose to download the supplemental software when they bought the USB device since that time.
How could this happen?
There were a rash of USB devices that ended up on U.S. stores in 2007, whose software was designed and shipped from China, that contained trojan horse viruses. The source of the infections turned out to be infected computers at the company's shipping site who were responsible for duplicating the installation CD's that go with USB devices. It is speculated that the Energizer Duo's software problem is another victim of outsourced companies using infected computers to get products ready for shipment.
So what now?
To sum up, if you own this device, and told the installer to download the additional software, remove it immediately, ensure your virus definitions are up to date, and do a full system scan. If you haven't downloaded/installed the supplemental software during install of your USB battery charger, you can continue to use the hardware safely, and without risk of infection.
Posted by Ted Mc at 9 Mar 2010, 3:36 PM 
Categories: Technology, Internet, Miscellaneous, News - Hardware, News
Tags: battery charger Gadgets USB device Internet Energizer technology News
Categories: Technology, Internet, Miscellaneous, News - Hardware, News
Tags: battery charger Gadgets USB device Internet Energizer technology News
Comments