Energizer Duo software suffers backdoor Trojan bother
A Trojan backdoor found its way into Energizer Duo USB battery charger software downloads. Malware bundled in a charger-monitoring software download package opens up a back door on compromised Windows PCs. The contaminated file is automatically downloaded from the manfacturer's website during the installation process, not …
It seems still to work at my desk if I don't let it install its software. In fact I don't think I've seen it. Main catch is that if you load 2 batteries there is only 1 charging light so you can't tell whether one of them isn't cleanly in contact and charging. Does the software help with that? Wrong question!
I've got one of these chargers, and it's good -- small and quick to charge. You never needed software for the charger to work, and it has a light on the actual hardware device that indicates charging/charged status. As one of the forgotten few -- I'm a Linux user -- I never even attempted to install any software. What idiocy made Energizer think that you needed any damn software in the first place? Pillocks.
But would there be any kind of compensation for this?
I mean, would they be liable for any private info that got leaked, or even for the fact that you have to clean up your PC?
It's a recharger unit that plugs into the usb port and uses the power to charge the battery, why does it need software again? I suppose to show the level of charge, but doesnt the light turn off when it has charged?
I have one of these, they are black/green right? with a flip panel for AAA -> AA batteries? I aint sure if mine is exactly this one, but it's an amazing piece of hardware, very useful, but doesnt need software.
I suppose it's a value-add thing, but still stupid
This reminds me of a cheap USB stick mp3 player I brought off Amazon a few years ago - it came with a free gift - a windows trojan! It happily would infect any windows machine set to auto run from the USB sockets unless you formatted the mp3 players drive first. Nice!
Manufacturers and importers should be held liable for damage caused by their products IMO, so what if it's the dodgey Chinese subcontractors who pre-installed it, quality control should extend to what comes preloaded and different suppliers found if it's a problem.
It's the digital equivalent of a "pirated Tweenie filled with soiled bandages brought from the covered market" if you ask me!
I hope their master code keeper wasn't still running IE6 at the time. I mean, who would be running that unsecure piece of crap in 2007?
I have one of these chargers (CHUSB) as well. Charger works fine, software is highly redundant (only displays charge time) as the LED on the device has various signalling states to indicate too low input power, error, charging, and charge complete.
What's funny is that I have the software installer, and have not yet found a virus scanner capable of finding anything wrong with it or it's contents (when unpacked). Either way, there's no point in downloading and installing it.
Poundland has a cheap looks-about-the-same-as-this device. I don't know if it comes with similar software, and I hesitate to encourage use of £1 USB accessories on a £1000 computer... By the way I've had trouble with some of their SD card reader(!) products - the ones with red LED on and with body shaped a bit like a plectrum. But a similar one with green LED is fine. Maybe Chinese quality control dropped.
Oh dear, I've one of these chargers and had been using the software; went through the security adviser, notice I hadn't allowed the "run dll as app" in the firewall excemptions, so I'm 'probably' alright.
Have now uninstalled the software, and 'uninstalled' Energizer from my will buy from list, now reallocated to the 'buy from when after hell freezer over' list.
Its astonishing that a major manufacturer can be so lax to allow this to happen and to have allowed it to go on for so long. I hope some form of class action suit takes a chunk out of their profits, I'm assuming no govt. agency will have the balls to do anything about this.
Sign up, sign up for The Register's weekly IT security newsletter - click here
