Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    The United States Computer Emergency Readiness Team (US-CERT) issued a new vulnerability note. However, this particular “vulnerability” concerns a rather unusual product—a USB charger for rechargeable batteries.

    The Energizer DUO is a charger for two AA or AAA batteries that can be plugged into USB ports. While no software is needed to use the charger, Energizer did provide an application that would display the charge level of the batteries inserted into the charger.

    However, the said application goes far beyond that. It also includes a backdoor detected by Trend Micro as BKDR_ARUGIZER.A. This particular backdoor opens port 7777 to incoming connections, allowing it to receive various commands from remote users. Among the possible commands are to:

    • Download and execute files
    • Delete files on affected systems
    • Upload files from affected systems to a server

    While this backdoor does have routines that could cause significant problems, it is not yet clear if these were actually used. Energizer already released an official statement on the issue, announcing the discontinued sale of the charger in question. It is likewise currently working with the US-CERT and U.S. government officials to understand how the code was inserted into the software.

    Trend Micro™ Smart Protection Network™ already protects product users from these threats by detecting and preventing the file’s execution on affected systems via the file reputation service.

    Non-Trend Micro product users, on the other hand, can use free tools like HouseCall, which identifies and removes various viruses, Trojans, worms, unwanted browser plug-ins, and other malware from affected systems.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice