Feds issue warning over Energizer backdoor

Posted by Aharon Etengoff

The United States Computer Emergency Readiness Team (US-CERT) has identified a "backdoor" in Energizer's DUO USB battery charger software that allows unauthorized remote system access.

"The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities," explained Will Dormann of US-CERT.

"UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run registry key."

According to Dormann, Arucer.dll has been identified as a "backdoor" that permits unauthorized remote system access by accepting connections on 7777/tcp.

"Its capabilities include the ability to list directories, send and receive files, and execute programs. [However], the backdoor component of the Energizer UsbCharger software can be removed by deleting the Arucer.dll file from the Windows system32 directory," he added.
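A host check for the three indicators the advisory gives (Arucer.dll in system32, the Run key entry, a listener on 7777/tcp), written here as an added PowerShell example; it is not code from the article or from US-CERT. It assumes Get-NetTCPConnection is available (Windows 8 / Server 2012 or later) and, because the article does not name the Run value, matches every value under the key on its data.

```powershell
# Added example (not from the article or US-CERT): reports the Energizer DUO
# backdoor indicators on a Windows host. Run from an elevated PowerShell.
# Assumptions: Get-NetTCPConnection exists; the Run value name is unknown,
# so values are matched on whether their data references Arucer.dll.
param([switch]$Remove)

$dll      = Join-Path $env:SystemRoot 'system32\Arucer.dll'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$port     = 7777
$findings = @()
$runValues = @()

# 1. The DLL the installer drops into system32
if (Test-Path -LiteralPath $dll) { $findings += "file present: $dll" }

# 2. Autostart entry: any Run value whose command references Arucer.dll
if (Test-Path $runKey) {
    $props = Get-ItemProperty -Path $runKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match 'Arucer\.dll') {
            $runValues += $p.Name
            $findings  += "Run entry '$($p.Name)' = $($p.Value)"
        }
    }
}

# 3. Anything listening on 7777/tcp, the port the backdoor accepts connections on
$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "listener on tcp/$port owned by PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if (-not $findings) { Write-Output 'No Energizer DUO backdoor indicators found.'; return }
$findings | ForEach-Object { Write-Output "[!] $_" }

if ($Remove) {
    # The DLL is hosted by rundll32.exe; stop those instances so the file can be deleted
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" |
        Where-Object { $_.CommandLine -match 'Arucer\.dll' } |
        ForEach-Object { Stop-Process -Id $_.ProcessId -Force }
    foreach ($v in $runValues) { Remove-ItemProperty -Path $runKey -Name $v }
    if (Test-Path -LiteralPath $dll) { Remove-Item -LiteralPath $dll -Force }
    Write-Output 'Removed Arucer.dll and its Run entry (the cleanup US-CERT describes).'
}
```

Without `-Remove` the script only reports; with it, it applies the deletion US-CERT recommends and also clears the Run entry so Windows does not try to start the missing DLL.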

Meanwhile, Sophos security expert Graham Cluley noted that Energizer's "backdoor" illustrated the serious threat posed by both malware and exploits.

"Any time you plug a storage device into your computer you are potentially exposing it to any malicious code which might reside on the unit," warned Cluley.

"So, that means that you have to be conscious that all sorts of items can carry malware, and could transmit it to your laptop or desktop computer if you attach it. It doesn't matter if it's an iPod, a BlackBerry, a sat-nav, or a digital photo frame. If it's got the ability to store data, it can store malware too."