Irregular Expressions

Mar 10 2010   3:48PM GMT

Energizer Malware

Dan O'Connor

This is far too interesting not to post: US-CERT has an analysis of malware discovered in the USB software for Energizer battery chargers. When the charging software is installed, it drops two DLLs on the system, one of which is Arucer.dll. Arucer.dll is the backdoor; it creates a listening socket on TCP port 7777. If you are running Windows XP SP2 or higher, you will get a prompt from the firewall to allow or block access.

Once installed, it allows a remote user to list, send, receive and execute files on the system.

If you have a sensor in your environment, US-CERT has Snort signatures listed at the link provided below.

You can get full details here

There is a CVE for this: CVE-2010-0103.

Security Focus has a Metasploit plugin.

There is also an Nmap update out to detect this.
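For a host-side check to go with the network detections above, the following added example (not from the original post or from US-CERT) parses Windows `netstat -ano` output and reports TCP sockets listening on port 7777. The sample output is constructed, the function name is hypothetical, and English-locale `netstat` column values are assumed.

```python
BACKDOOR_PORT = 7777  # TCP port the post says Arucer.dll listens on

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2416
  TCP    192.168.1.10:49211     203.0.113.5:7777       ESTABLISHED     3100
  TCP    [::]:7777              [::]:0                 LISTENING       2416
  UDP    0.0.0.0:7777           *:*                                    1200
"""


def find_tcp_listeners(netstat_text, port=BACKDOOR_PORT):
    """Return sorted (local_address, pid) pairs for TCP sockets listening on port.

    Hypothetical helper: assumes English-locale `netstat -ano` output.
    """
    hits = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns: proto, local, foreign, state, pid.
        # UDP rows have no state column, and header lines do not start with TCP.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _, local, _, state, pid = fields
        # Ignore outbound connections whose *remote* port happens to be 7777.
        if state.upper() != "LISTENING" or not pid.isdigit():
            continue
        # Split on the last colon so IPv6 forms such as [::]:7777 parse correctly.
        host, _, local_port = local.rpartition(":")
        if local_port == str(port):
            hits.add((host, int(pid)))
    return sorted(hits)


if __name__ == "__main__":
    for host, pid in find_tcp_listeners(SAMPLE_NETSTAT):
        print(f"TCP listener on {host}:{BACKDOOR_PORT} owned by PID {pid}")
```

A hit is only a lead, since other software can listen on port 7777; confirm by identifying the process behind the PID and checking whether Arucer.dll is present on the system.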
