Tuesday we reported that a Panda Security employee discovered three malware programs on his new HTC Magic phone. However there was also another malware-related report on Tuesday as well, provided by the United States Computer Emergency Readiness Team. (US-CERT). Like the HTC phone, malware was discovered in association with a new, trusted device.
According to the official report, the team discovered a trojan residing in software packaged with the Energizer DUO USB Battery Charger. Although the installer places a legitimate file into the application's directory, it also places Arucer.dll into the Windows system32 directory. The latter file has been classified as a backdoor trojan that allows unauthorized remote system access.
For users of Windows XP SP2 or later, the system's built-in firewall will prompt the user about the Energizer USB Charger software accessing the Internet. Naturally, unsuspecting consumers unblock the request, thus accepting connections on TCP port 7777 and leaving the PC open for hackers. "An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs," the report reads. "The backdoor operates with the privileges of the logged-on user."
The US-CERT said that users can simply uninstall the Energizer USB Charger software, however the Arucer.dll file will still remain in the Windows system32 directory until it is manually removed. But by uninstalling the software, users are removing the registry value that causes the backdoor to execute automatically when Windows starts, thus leaving Arucer.dll inactive.
Consumers wanting to run the software provided by Energizer could alternatively block access to TCP port 7777 in their firewall settings. For more information, head here.
