Energizer Duo USB charger software has trojan on board

By on Mar 8, 2010 at 11:34 AM
General March 8, 2010

Energizer USB DUO

The Duo seems to have been a failed experiment for battery maker Energizer in more ways than one. Sales of the USB nickle-metal battery charging station never really took off, and now, via a press release, the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan. The rogue code, according to Computerworld: “listens for commands on TCP port 7777… can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. The Trojan automatically executes each time the PC is turned on, and remains active, even if the Energizer charger is not connected to the machine.” Energizer released a statement saying: “Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software.” 

Read

Tags:
, , , ,
38 Comments

Related Articles

  • REKIN

    Why would anyone charge their batteries via usb? Wouldn’t that take forever?

    • NoComment

      I guess 500 mA and 2,5W should be enough to charge AA and AAA batteries.

    • mingkee

      i have a similar charger supplied with Sanyo batteries. It can fully charge AA batteries overnight or AAA batteries in 2-3 hours.

    • Adam F

      I charge AA’s via USB all the time while traveling, it’s easier than traveling with the large charger. I just plug them into the USB ports on the laptop at night and let them charge away. Currently I’m using the USBCell AA’s that charge themselves ( they have their own USB plug in them ), they’re smaller capacity than the energizer/duracell batteries but they are real convenient :)

    • rederikus

      Yeah, I charge my Blackberry this way all the time when I can’t be bothered to walk to the chargung cradle. It works fine.

      • REKIN

        Hmmm…. I guess it does work. Ill see if I can try a set out.
        Thanks for that input everyone.

  • Tuna fish

    Stupid energizer dont they know duracell is better?

  • Ghost F8

    Massive Fail! I tried their charging dock for wii remotes and it didn’t work for 2 of the 4, they got rid of their phone centers so after sending them an email and waiting a week for a response they wanted me to send in the battery packs at my cost and said it would take 2 to 3 weeks to get them back. Instead just returned their product and bought another brand. I won’t purchase energizer again, as my expierence and this shows they are just rushing products to market with little to no testing or quality control. FAIL!

  • ich bin ein iPhoner

    Once a computer is infected, the Trojan keeps going and going and going and going …

    • cnote221

      Ha Ha!!!! Good one! +1 to ya

  • mingkee

    I’d plug it into USB hub (with AC adapter and without computer connection). Actually, I use it as USB power supply for a few years to elimate chargers’ headache.

  • SOUTHERN MISS ELITE

    They should simply offer full cash rebates to those who have this product and take it off the market ASAP

    • badonkadonk

      The physical charger is fine, they just don’t need to install the desktop monitor SW.

  • tristan

    fix windows? how is a usb charger installing a trojan? Should i have to worry about my humping dog flash drive stealing my credit card, my usb fish tank giving me blaster worm or my razer mouse stealing my cd key?

    • Doug

      @tristan

      The charger isn’t installing the trojan the software is. From the article … “the company has announced the monitoring software distributed with the Duo packs a fairly nasty Windows trojan”

    • http://www.applebythehour.com Jarrett

      Well, if you are using Windows you obviously may have to worry about those things.

      Also, don’t forget about the JAVA monster stealing your coffee cakes.

    • Dara

      The actual problem is having autoplay enabled for flash drives, which might have been a default setting for XP. I’m not sure because I always disable autorun since it’s main purpose seems to be to waste my time when I pop a disc in.

      If autoplay is enabled, the computer will run the indicated program when you connect the drive. This is, for obvious reasons, exploitable.

      Here’s some details.

      http://www.phdcc.com/shellrun/autorun.htm

      Windows 7 is immune to this attack as it does not allow autorun on USB drives and Mac OS X is immune because its Autostart feature does not allow programs to execute from any media.

      • tristan

        I figured it took the “U3 Flash drive” path and installed its payload anyways…

      • Dara

        I was wrong.

        The malware was included in software that had to be downloaded and installed by the user.

        Clearly, the QA guy was sick that day.

  • Nokia N900

    I guess Duracell wins this round!

  • http://www.applebythehour.com Jarrett

    So, is the information from the company suggesting only Windows PC’s are affected? Some of those terms seemed strictly Windows. Can someone confirm this please. I just need to know if my Mac can suffer the same.

    • http://www.applebythehour.com Jarrett

      Seriously, someone gave me a minus for asking a question? Reminds me of 7th grade science when I asked Mr. Nash why he was constantly jiggling his hand in his pocket? “I am playing with my keys”. “Mr. nash your keys are in your other pocket, so what is it that you are really playing with?” He kicked me out of class.

      • StevenGlansburg

        It was a Windows fanboy thinking you were implying that maybe OSX is better because its not affected. silly kids

      • http://www.applebythehour.com Jarrett

        Windows, silly, and kids. All in the same post, I see what you did there. That was quite clever.

  • http://www.applebythehour.com Jarrett

    Windows: 180,000 viri
    UNIX under-the-hood OS: 0

    With 180,000 viri it is definately getting harder to write new executable code to access ActiveX. I mean, what hasn’t been wrote already. You think you have come up with new stuff just to find out that a similar virus was written in 2002. Someone stole your thunder long ago. No wonder Charlie Miller said “Trying to write viri for Mac is fun.” Even hackers know that if you are hacking Windows it was previously done 180.000 times. Since there is nothing in the wild for Mac OS X it would seem the place to start.
    Can you imagine that feeling you would have as a hacker knowing that you got to finally shut-up those arrogant assholes using Mac OS X. I personally can’t wait for the first virus to actually reach the wild and affect all those Mac users. Then again, haven’t we been waiting for this to happen for 20+ years?

    • ~phel

      Hi Jarrett, you may find this 2006 article from msnbc interesting. It’s in regards to a Mac OS X virus, cheers. http://www.msnbc.msn.com/id/12537279/

      • http://www.applebythehour.com Jarrett

        Actually, that was in regard to a vulnerablity. And being that the ignorant user had to “repeatedly” click (give permission) on the pop ups. No virus was detailed. If I gave you my Admin information for my machines you could literally install any software you wanted. This is what happens when you “give permission” The problem is with a Mac you have to give permission. This is why it was not classified as a virus. It is also why four years later you couldn’t find anything similar.

        Cheers

      • Dara

        Here you go Jarrett:

        http://www.bcs.org/server.php?show=conWebDoc.34329

        One of the key quotes:

        “the complacency of Mac users, who have almost been led to believe that their platform is germ-free, may lead to more serious outbreaks should virulent malware target the Mac. Most Mac users simply don’t know how to react in the event of a malware attack.”

      • Repeat

        Didn’t somebody already cover the whole Windows vs Mac debate? Something about 80 percent marketshare for windows and 5 percent marketshare on Mac or something? Something about how even just a fraction of Microsoft users who happen to be computer illiterate equals out to the entire Mac user base…. Mac users will rue the day when hackers decide that Mac has enough of a base to bother with in the corporate world and personal world…

      • http://www.applebythehour.com Jarrett

        @ Dara,

        The funny thing is I wouldn’t know who is leading these users. Most Mac users I know are pretty intelligent about not clicking on things just to click on them. Just as I am sure most Windows users you know are quite aware of this also.

        Most things come down to common sense. If something has happened to someone’s system (Windows, Mac or otherwise) the user has generally done it to themselves. I remember when Windows users were experiencing an executable code installing on their systems due to the sotware on a certain model iPod. It seems that software at the factory installed on the iPod was infected. Sadly for Windows users this affected them and them only. Apple I remmeber was pretty pissed and threw MS under the bus publicly.

        Are there Mac user that are complacent? I am sure there are, they are generally the ones clicking on things or giving permission for things to enter their systems. My Macs are given only what I authorize for them to receive

  • rederikus

    Sounds like a ” Shit. Oh dear. ” moment to me.

  • http://www.nooksurfer.com NookSurfer

    I’d be interested to see how many lawsuits will spawn from this.

  • gquaglia

    I’m betting it was made in China. I wouldn’t be surprised if a good deal of computer products made there had some type of trojan or sleeper virus built in.

    • Mrwirez

      EVERYTHING is made in China. All the technology and debt is gonna bite us in the ass by dealing with China. The Chinese government are ruthless. Many bot-nets, trojans, and spyware come from Chinese universities.

  • http://web.me.com/mel.tan/ThoughtForFood/Journal/Journal.html Mel

    It would be a type of product I’d consider buying… one of my first questions really would be…

    Why do you need WINDOWS to run a battery charger? Wouldn’t there also be licensing fees for using Windows. What about Linux? Doesn’t the micro-controller also come with a basic OS?

  • Mrwirez

    Wow, research & development and quality control all missed this?? Booooo! Time for Duracell.

  • cnote221

    Epic Fail? lol i think so.

    But in all honesty you have to commend Energizer and Duracell for these types of ideas. Really when you think about there business is shrinking as theres really no need to buy throw away batteries.

    Applause for at least having the innovative spark to say ‘hey we need to try something new if were gonna stay in business”

    To bring it full circle there trying to do what a lot of companies and corporations should do. Move things forward and progress instead of keeping things stale and stagnant trying to milk consumers for every penny you can running the risk of collapsing all together.

    E.I. What us bloggers said about the GPS companies when google announced it launch for free GPS service.

  • Euphoria64

    The people who make trojans, malware, adware, and all things of the sort should be shot and killed. Period.

blog comments powered by Disqus