Irregular Expressions

Mar 10 2010   3:48PM GMT

Energizer Malware



Posted by: Dan O'Connor
Tags:
energizer malware

This is far too interesting not to post: US-CERT has an analysis of malware discovered in the USB software for Energizer battery chargers. When the charging software is installed, it drops two DLLs on the system, one of which is Arucer.dll. Arucer.dll is the backdoor; it creates a listening socket on TCP port 7777. If you are running Windows XP SP2 or higher, you will get a prompt from the firewall to allow or block access.

Once installed, it allows a remote user to list, send, receive and execute files on the system.

If you have a sensor in your environment, US-CERT lists Snort signatures at the link provided below.

You can get full details here: http://www.kb.cert.org/vuls/id/154421

There is a CVE for this: CVE-2010-0103.

SecurityFocus has a Metasploit plugin: http://downloads.securityfocus.com/vulnerabilities/exploits/38571.rb

There is also an Nmap update out to detect this.
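
A host-side check for the two indicators named above (a TCP listener on port 7777 and a loaded Arucer.dll), added here as an example; it is not part of the original post or the US-CERT advisory. It assumes English-locale text captured from `netstat -ano` and `tasklist /m Arucer.dll`; the sample output, PIDs and image name are constructed.

```python
import re

BACKDOOR_PORT = 7777         # TCP port the post says Arucer.dll listens on
BACKDOOR_DLL = "arucer.dll"  # DLL name from the post, matched case-insensitively

# Constructed sample output (English-locale Windows), not taken from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       1484
  TCP    192.168.1.20:1057      203.0.113.9:7777       ESTABLISHED     2200
  UDP    0.0.0.0:7777           *:*                                    640
"""
SAMPLE_TASKLIST = """\
Image Name                     PID Modules
========================= ======== ============================================
rundll32.exe                  1484 Arucer.dll
"""

def listeners_on_port(netstat_text, port=BACKDOOR_PORT):
    """Return {pid: local_address} for TCP sockets LISTENING on `port`."""
    hits = {}
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows: Proto, Local, Foreign, State, PID (UDP rows have no State).
        # rpartition copes with both 0.0.0.0:7777 and [::]:7777.
        if (len(f) == 5 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING"
                and f[4].isdigit() and f[1].rpartition(":")[2] == str(port)):
            hits[int(f[4])] = f[1]
    return hits

def pids_with_module(tasklist_text, dll=BACKDOOR_DLL):
    """Return {pid: image_name} for rows whose module column names `dll`."""
    row = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")
    found = {}
    for line in tasklist_text.splitlines():
        m = row.match(line)
        if m and dll in m.group(3).lower():
            found[int(m.group(2))] = m.group(1)
    return found

def triage(netstat_text, tasklist_text):
    """Return {pid: verdict}, correlating the listener and module views."""
    listeners = listeners_on_port(netstat_text)
    loaded = pids_with_module(tasklist_text)
    return {pid: ("confirmed" if pid in listeners and pid in loaded
                  else "module-only" if pid in loaded else "port-only")
            for pid in set(listeners) | set(loaded)}
```

A "port-only" result means something is listening on 7777 but the module was not seen in that process, so it needs a manual look rather than being treated as a confirmed hit.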


 