By Chris Scott Barr
No one wants to get a trojan on their computer, for quite obvious reasons. Thus one is careful about the sites they browse, the links they click and the software they download. Generally doing these things will keep your computer free of such malicious bits of software. But have you ever considered that your hardware might be hiding something nasty?
Apparently the Energizer DUO USB Battery Charger has been carrying around a nasty little trojan that can wreak havoc on your system. CERT has issued a warning and stated the following:
An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.
That’s right, something as simple as plugging in your USB battery charger could give someone complete control over your system. I think the question on everyone’s mind was how in the world the trojan was put onto all of these in the first place. The file is tied into the installer for the charging software, which also means that downloading it from Energizer directly was no better an option. (In my best Ricky Ricardo voice) “Energizer, you’ve got some ‘splainin’ to do.”
On a bright note, Mac users were not affected. The OSX version of the software was found to be clean.