Loading ...According to theRegister, the software created by Energizer for USB battery charging, has suffered a trojan attack. Malware was
found all bundled up in the software download and can open a back door for trojan attacks on the affected computer(s).
The download is actually automatically downloaded to your computer from the Energizer website, so it’s not that it was bundled with an installation CD or anything like that. The malicious file was noted as “Arucer.dll” by Symantec and will cause some different types of havoc on the affected computer. The file can send files to the remote attacker or download other pieces of malware to your computer and this is all done automatically by the hackers using the backdoor the file created in the software.
A Note from Symantec
We were interested in finding out how long this file had been available to the public. The compile time for the file is May 10, 2007. It is impossible to say for sure that this Trojan has always been in this software, but from our initial inspection it appears so. We also suspected that the entire file may have been inserted into the package without the creator’s knowledge, but upon closer inspection we discovered the DLL checks for the USB device.
Energizer has discontinued the sale of the Duo Charger (CHUSB). They have also started to investigate how the back door was created. In a situation like this you often wonder if creating the back door was an inside job. No amount of money is worth losing your job over, but if the hackers got to ONE person on the inside, a lot of computers can be infected in a short time, sometimes leaving no trace of where the attack came from.
You can find more information about this attack post by US CERT, here.
You might also like
|
|
|
|
|
