The software bundled with the Energizer DUO USB-powered battery charger came with a little bonus: a Trojan horse.
We're used, by now, to stories of even the most innocent
of objects causing heartache by infecting unwilling host sytems with all manner of malware and viruses - but I bet you never thought you'd need to protect yourself from a battery charger.
Sadly, that day has come - the United States Computer Emergency Readiness Team has issued a warning
regarding the software shipped with the Energizer DUO, a USB-powered charger for NiMH batteries. While the charger itself - being not much more than a standard battery charger that runs from a 5v USB connection - is innocent in this, the software bundled sadly isn't.
As explained over on ComputerWorld
, the Windows-based monitoring software - designed to allow users to see how far the device has got in the charging process - contains a Trojan horse which opens a socket on TCP port 7777 and listens for commands. The Trojan - which is clever enough to enter an exception for itself into the Windows Firewall - claims to be a DLL file called "Arucer.dll
Once installed, the Trojan will remain active even if the Energizer charger isn't connected to the system - although due to the way the Trojan hooks into the Energizer software, uninstalling the package will prevent it from automatically starting on system boot.
Thankfully for those affected by the infection, cleaning is a relatively simple process: with few protections built in to the package, simply deleting the file "C:\Windows\system32\Arucer.dll
" and rebooting is enough to clear the system.
In order to prevent anybody else getting infected, Energizer has announced that it has removed the software from its website - and as the charger itself has already been discontinued, future outbreaks should be rare. However, the company is not planning a product recall - potentially meaning that retailers could still have affected stock on their shelves.
Are you disappointed to see Energizer not taking the issue seriously enough to issue a recall notice, or are infections like this one just part of the sad reality of modern-day computing? Share your thoughts over in the forums