The system security goes from worst to worst. Now a USB battery can distribute malware. One more in the dead line, what next?
After Vodafone GTC Magic now another well known corporate product Energizer DUO able to break customer trust. For those who don't know about Energizer DUO, It's a charger for two AA or AAA batteries that can be plugged into USB ports. While no software is needed to use the charger, Energizer did provide an application that would display the charge level of the batteries inserted into the charger.
However, the application do something more now. It also includes a backdoor BKDR_ARUGIZER.A. This particular backdoor opens port 7777 to incoming connections, allowing it to receive various commands from remote users. Among the possible commands are to:
- Download and execute files
- Delete files on affected systems
- Upload files from affected systems to a server
Windows 7 & Vista user do get a warning when a program try to open a port but average user usually avoid the warning as they trust the vendor. The good thing is Energizer announced they going to discontinued sale of the charger in question and currently working with the US-CERT and U.S. government officials to understand how the code was inserted into the software.
You can use Trend Micro's HouseCall program which capable to remove this type of backdoor and also it's free.
Source: Trend Lab
Post a Comment