Went undetected for the past three years

Mar 8, 2010 14:46 GMT

U.S. battery manufacturer Energizer has suspended sales of its "Energizer DUO" product after a computer trojan was located in the software accompanying the product. Security experts suspect the malware has been distributed from the company's website since as far back as 2007.

The Energizer DUO is a USB/AC battery charger supporting a maximum of two (hence the name) AA or AAA NiMH rechargeable batteries. A program called "Energizer UsbCharger," which allows users to monitor the state of the batteries in the Energizer DUO, used to be available for download on the manufacturer’s website.

It is in the Windows version of this software package that the computer trojan was found in the form of a DLL file called Arucer.dll. An advisory concerning the malware was published by the U.S. Computer Emergency Response Team (US-CERT), which credits a user named Ed Schaller with its discovery.

In addition to performing its own analysis on the suspicious file, US-CERT sent a copy to U.S. antivirus vendor Symantec for further investigation. "We found that the file was a Trojan that opens a back door on a compromised computer and listens for commands on port 7777," wrote Liam O. Murchu, Symantec's supervisor of security response operations for North America.

The malware, which Symantec dubbed Trojan.Arugizer, installs itself so that it runs at computer restart and is able to download, execute or upload files. The name of its creator could be "Liu hong," a string mentioned several times inside the source code.

"We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so," explained Mr. Murchu. It also seems that the file was an intended part of the software package since its creation, rather than something that infected it at a later date, because the malicious .dll has code that specifically searches for the charger USB device.

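The compile time cited above is a timestamp that the linker writes into the header of a Windows PE file such as a DLL. As an added example (not code from Symantec, US-CERT or the original article), this Python sketch reads that field; the sample bytes are constructed, using the article's date with an assumed time of midnight UTC.

```python
import struct
from datetime import datetime, timezone


class NotPEError(ValueError):
    """Raised when the buffer is not a well-formed PE image."""


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE file (EXE/DLL) as a UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPEError("missing MZ (DOS) header")
    # e_lfanew at offset 0x3C holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need: signature (4) + Machine (2) + NumberOfSections (2) + TimeDateStamp (4).
    if e_lfanew + 12 > len(data):
        raise NotPEError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPEError("missing PE signature")
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def build_sample_pe(stamp: int) -> bytes:
    """Constructed minimal DOS + COFF header carrying only the fields parsed above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header directly after DOS header
    coff = b"PE\0\0" + struct.pack("<HHI", 0x014C, 1, stamp)  # i386, 1 section
    return bytes(dos) + coff + bytes(12)  # remaining COFF fields zeroed


# Constructed value: the article gives only the date, so midnight UTC is assumed.
SAMPLE_STAMP = int(datetime(2007, 5, 10, tzinfo=timezone.utc).timestamp())
SAMPLE_DLL = build_sample_pe(SAMPLE_STAMP)

if __name__ == "__main__":
    print("compiled:", pe_compile_time(SAMPLE_DLL).date())
```

The field is set by the build toolchain and can be altered or zeroed, so it is a lead for dating a sample rather than proof, which matches the hedged wording in the quote above.
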
Energizer Holdings confirmed the problem and is working with government officials and US-CERT to determine the circumstances that led to this incident. "Energizer has discontinued sale of this product and has removed the site to download the software," the company announced in a press release. Consumers who installed this software are instructed to immediately uninstall it and delete the Arucer.dll file from the system32 directory.
