Energizer USB Battery Charger Has Secret Access To Your PC

Posted by Pile (9528 views) Add this story to MyYahoo Add this article to del.icio.us Submit article to Reddit Add story to Furl Add story to StumbleUpon [E-Mail link]


[Faulty Products]
That cool USB-based battery charger you connected to your computer? Who knew it secretly installed software on your machine that allows someone to connect and control your computer remotely without your knowledge?

The United States Computer Emergency Response Team (US-CERT) has warned that the software included in the Energizer DUO USB battery charger contains a backdoor that allows unauthorized remote system access.

In an advisory, the US-CERT warned that he installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory.

When the Energizer USB Charger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key.

US-CERT said that Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp.

Here's the major risk:

An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.

Details

 

Energizer Bunny
Posted by permial on 2010-03-17 08:02:18
I suppose we should just guess which emerging economic power builds these devices?
Chickitty China, The Chinese Chicken, Invading a Country,
Posted by ChinkyFunkin on 2010-11-21 12:18:55
Chickitty China, The Chinese Chicken, Invlading a Country,and kleep on klickin?

YOU HAVE?
 

Comments

 
Name: (change name for anonymous posting)
Title:
Comments:
   

1 Article displayed.

Pursuant to Section 230 of Title 47 of the United States Code (47 USC § 230), BSAlert is a user-contributed editorial web site and does not endorse any specific content, but merely acts as a "sounding board" for the online community. Any and all quoted material is referenced pursuant to "Fair Use" (17 U.S.C. § 107). Like any information resource, use your own judgement and seek out the facts and research and make informed choices.

Powered by Percleus (c) 2005-2047 - Content Management System

[Percleus 0.9.4] (c) 2005, PCS