Do you use the the Energizer DUO USB battery charger? If so, you’ll be interested to know that the United States Computer Emergency Response Team (US-CERT) has warned that software included in this charger contains a software “backdoor” or Trojan that allows hackers to remotely access vulnerable systems.
In its advisory, the US-CERT warned that the installer for the Energizer DUO software places files in your system that allow an attacker to potentially remotely control your system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with your logged-on privileges and starts every time you start your computer. Furthermore, the Trojan operates whether the charging device it works with is connected or not.
Energizer has acknowledged the issue in a statement released at its website. The company said it has discontinued sale of this product and has removed the site to download the software. In addition, Energizer is directing consumers to uninstall or otherwise remove the software from your computers.
This incident illustrates the fact that these days threats to your computer and/or network can come from anywhere–including something as seemingly innocuous as your USB battery charger. As always, we advise our clients to be constantly vigilant against such threats. If you don’t have the time or resources to do this yourself (and most don’t!), perhaps it’s time to consider our Managed Security services. Give us a call – we’ll be glad to help.
Related articles:
- Energizer Announces Duo Charger and USB Charger Software Problem (marketwatch.com)
- Sony Music CDs surreptitiously install DRM Trojan horses on PCs (zdnet.com)
- Malware hitches a ride on digital devices (securityfocus.com)