Energizer Malware

Published: 2010-03-09
Last Updated: 2010-03-09 10:09:31 UTC
by Marcus Sachs (Version: 2)
1 comment(s)

We received several emails today about the US-CERT analysis of Trojan horse software found in an application designed for a battery recharger.  Our assessment is that due to the dates involved (2007 and 2008) this is likely related to the rash of malware we reported a couple of years ago that was found on digital photo frames, iPods, GPS devices, and other consumer products.  If any of our readers have any additional technical information or observations to share about this case, please use the comment feature below.

Marcus H. Sachs
Director, SANS Internet Storm Center

UPDATE: Because of the high demand and the number of notifications from our ISC readers, please note that new Nmap and Metasploit modules to detect and exploit this trojan were released yesterday.

Keywords: malware

Comments

The install exe for this software is code-sign timestamped 31st July 2007. I noticed this open port (7777) after installing the software, but as it was part of a digitally signed archive, I didn't think it would be malware!

Verisign have still not revoked the code-signing certificate that this software is signed with and neither does my anti-virus detect the malicious dll.

I think this shows how even software from big companies which is digitally signed cannot always be trusted. Energizer should be taking serious action against their software supplier.
