Posted by: Dan O'Connor
This is far too interesting not to post: US-CERT has an analysis of malware discovered in the USB software for Energizer battery chargers. When the charging software is installed, it drops two DLLs on the system, one of which is Arucer.dll. Arucer.dll is the backdoor; it creates a listening socket on TCP port 7777. If you are running Windows XP SP2 or higher, you will get a prompt from the firewall to allow or block access.
Once installed, the backdoor allows a remote user to list, send, receive and execute files on the system.
US-CERT lists Snort signatures at the link below, if you have a sensor in your environment.
You can get full details here: http://www.kb.cert.org/vuls/id/154421
There is a CVE for this: CVE-2010-0103.
Security Focus has a Metasploit plugin: http://downloads.securityfocus.com/vulnerabilities/exploits/38571.rb
There is also an update for Nmap out to detect this.
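For hosts without a Snort sensor in front of them, the TCP 7777 listener described above can be triaged from `netstat -ano` output. The following is an added example, not code from US-CERT or the original post; the function name and the sample output are constructed for illustration.

```python
import re

BACKDOOR_PORT = 7777  # TCP port the post says Arucer.dll listens on

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49777     203.0.113.5:443        ESTABLISHED     4100
  TCP    [::]:7777              [::]:0                 LISTENING       2312
  TCP    192.168.1.20:7777      198.51.100.7:51515     ESTABLISHED     2312
  UDP    0.0.0.0:7777           *:*                                    1500
"""

# TCP rows only: local address, local port, remote endpoint, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def find_port_activity(netstat_text, port=BACKDOOR_PORT):
    """Return (listeners, sessions) for TCP sockets whose *local* port is `port`.

    listeners: [(local_address, pid)]   sessions: [(remote_endpoint, pid)]
    Matching on the local port avoids false hits on ephemeral ports such as
    49777 and on unrelated UDP sockets bound to the same number.
    """
    listeners, sessions = [], []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or UDP row
        local_addr, local_port, remote, state, pid = m.groups()
        if int(local_port) != port:
            continue
        if state == "LISTENING":
            listeners.append((local_addr, int(pid)))
        elif state == "ESTABLISHED":
            sessions.append((remote, int(pid)))
    return listeners, sessions


if __name__ == "__main__":
    listening, active = find_port_activity(SAMPLE_NETSTAT)
    print("listeners on 7777:", listening)
    print("established sessions to 7777:", active)
```

A listener on 7777 is only a lead; confirm it by checking whether the reported PID has Arucer.dll loaded (for example with `tasklist /m Arucer.dll`).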