A USB charger from Energizer uses software that contains a Trojan, according to US-CERT. The software was apparently developed outside the U.S. and may have been giving hackers access to PCs since 2007. An analyst said trust in the Energizer bunny may have led many consumers to install the DUO USB charger malware even with a warning.
Some Windows PC users may hope the Energizer bunny didn't keep going and going. It turns out the Energizer DUO USB battery charger is a vehicle for attacks on PCs, according to the Department of Homeland Security's Computer Emergency Readiness Team.
US-CERT researchers said Friday that the software that installs with the Energizer charger contains a Trojan horse that gives malicious hackers a back door into Windows machines.
"An attacker is able to remotely control a system , including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user," US-CERT said. "Removing the Energizer USB charger software will also remove the registry value that causes the backdoor to execute automatically when Windows starts."
A Trusted Source
Although the fix seems relatively easy for consumers who are aware they have been infected, the path in was also straightforward. Rob Enderle, principal analyst at the Enderle Group, said consumers were probably not expecting the Energizer software to carry a malicious payload.
"Typically in a Windows 7 or even a Windows Vista install, if you mess around with ports you should get a warning," Enderle said. "Because consumers got the software from a trusted source, chances are you'll bypass the warning and go ahead and install it because you think you are only installing the battery monitor. This is a nasty piece of work."
Enderle questioned the origin of the software, noting that Trojans seem to make their way into programs when the software is developed outside the U.S. Chances are, he said, the software was developed in China or some other foreign country.
newsfactor.com