Well, word just in that the Energizer Bunny is a threat to a PC's health and security. This points out a couple of issues users need to address.
But we'll first look at the details of the threat:
It seems that a trojan horse was bundled with the software for a USB-powered battery recharger.
While many of the technical details have been held back while Energizer works with the United States Computer Emergency Readiness Team (US-CERT), we do know that the malicious file is "Arucer.dll" and that it uses port 7777 for control. It is capable of downloading and executing files, sending files from the machine, and changing the registry. This program, which is meant to show how much charge a battery has, appears to be loaded at boot time, so you are infected even if you never open the bunny software or never connect the charger.
To clean up after an infection: uninstall the software, restart your computer, remove the file "arucer.dll" from the System32 directory, and block port 7777/tcp with a firewall.
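A triage check for the two indicators named above, added here as an example that is not from the original post, from Energizer, or from US-CERT: it parses `netstat -ano` output for a listener on TCP 7777 and looks for arucer.dll in System32. The netstat rows and directory listing in the block are constructed, and the live check assumes it runs on Windows with netstat available.

```python
"""Check a Windows host for the two indicators the post names: arucer.dll in
System32 and a listener on TCP 7777. Added example; constructed sample data."""
import os
import re
import subprocess

INDICATOR_FILE = "arucer.dll"  # file named in the post (case-insensitive on Windows)
INDICATOR_PORT = 7777          # control port named in the post

# One LISTENING row of "netstat -ano": proto, local addr:port, foreign, state, pid
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)


def listeners(netstat_lines):
    """Return {port: pid} for every TCP listener found in netstat -ano output."""
    found = {}
    for line in netstat_lines:
        m = LISTEN_RE.match(line)
        if m:
            found[int(m.group(1))] = int(m.group(2))
    return found


def check_host(netstat_lines, system32_files):
    """Compare host state against the indicators; return a list of findings."""
    findings = []
    if any(name.lower() == INDICATOR_FILE for name in system32_files):
        findings.append(f"{INDICATOR_FILE} present in System32: uninstall, reboot, delete it")
    pid = listeners(netstat_lines).get(INDICATOR_PORT)
    if pid is not None:
        findings.append(f"TCP {INDICATOR_PORT} listening (pid {pid}): block 7777/tcp at the firewall")
    return findings


def check_live_windows():
    """Run the check on this host (assumes Windows with netstat on the PATH)."""
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    return check_host(out.splitlines(), os.listdir(system32))


# Constructed sample: normal RPC listener, the indicator port, one outbound connection.
SAMPLE_NETSTAT = [
    "  Proto  Local Address          Foreign Address        State           PID",
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812",
    "  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2456",
    "  TCP    192.168.1.5:49152      203.0.113.7:443        ESTABLISHED     1020",
]
SAMPLE_SYSTEM32 = ["kernel32.dll", "Arucer.dll", "ntdll.dll"]  # constructed listing

if __name__ == "__main__":
    print("\n".join(check_host(SAMPLE_NETSTAT, SAMPLE_SYSTEM32)) or "no indicators found")
```

A clean host returns an empty list from check_host; the constructed sample returns one finding per indicator.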
Now on to the lessons we've learned:
First lesson: do not automatically trust shrink-wrapped or brand-new computer equipment. This is not the first time that malicious code has slipped into a product fresh off the shelf, so that the manufacturer or retail store becomes a distributor of malicious code. Seagate, Apple, and Best Buy figure in three of the more recent incidents of malicious code on brand-new hardware.
Second lesson: don't use an administrative account unless necessary. While it is not stated specifically, I assume that these actions could not be carried out from a limited user account on Vista. The administrator account in Vista is not as powerful as it was in XP, but it is still dangerous and should be shunned whenever possible.
Third lesson: only run software when you need it. This one is for the authors of the programs. I've noticed a trend where parts of a program are loaded before the program is actually running. This does allow for faster startup times, but it also widens the window of opportunity for malicious code. As an example: OpenOffice (OO), which is in direct competition with Microsoft's Office (MS-Office), was much slower to start than MS-Office. The reason was written off as the fact that part of MS-Office was loaded beforehand. When I noticed that OO was doing the same thing, I was worried at first. Fast startup times are nice, but not if they increase the chance of infection.
Fourth lesson: being a Windows user, this one is hard for me to admit. But the fact is that while versions for Macintosh and Windows were available, only the Windows version was infected. That may be because Windows is more popular, or it may be that Windows is more insecure. We can point to the fact that Windows Vista and Windows 7 are much more secure than XP and earlier, and that attacks on Macs have increased, but we have to admit that in at least this case, Windows was truly more of a threat to users.
The battery charger has been discontinued by Energizer.