Energizer USB Battery Charger Software Infects PCs

Soulskill posted more than 4 years ago | from the bad-bunny dept.

Toys 260

swandives writes "Researchers at US-CERT have warned that software accompanying the Energizer DUO USB battery charger contains a Trojan that gives hackers total access to a Windows PC. The product was sold in the US, Latin America, Europe and Asia starting in 2007. Upon installation, the software creates the file 'Arucer.dll,' a Trojan that listens for commands on TCP port 7777. Upon receiving instructions, the Trojan can download and execute files, transmit files stolen from the PC, or tweak the Windows registry. Uninstalling the software disables the automatic execution of the Trojan. Users can also remove Arucer.dll from Windows' system32 directory and reboot the machine to disable the backdoor component."
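A defender's check for the two indicators the summary names (a file called Arucer.dll in system32 and a listener on TCP port 7777), as an added example that is not part of the original story or of the US-CERT warning. The netstat sample is constructed, English-language `netstat -ano` output is assumed, and the SysWOW64 directory is an addition for 64-bit Windows that the summary does not mention.

```python
"""Look for the two indicators from the summary on a Windows host."""
import os
import subprocess

BACKDOOR_DLL = "Arucer.dll"   # file name given in the summary
BACKDOOR_PORT = 7777          # TCP port given in the summary

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:49822     203.0.113.5:7777       ESTABLISHED     4100
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:7777           *:*                                    1500
"""


def listeners_on_port(netstat_text, port=BACKDOOR_PORT):
    """Return [(local_address, pid)] for TCP sockets LISTENING on `port`.

    Outbound connections to a remote port 7777 and UDP sockets are ignored:
    the summary describes a backdoor that waits for inbound TCP commands.
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state, pid = fields
        if state.upper() != "LISTENING":   # assumes English netstat output
            continue
        # rpartition keeps IPv6 locals such as [::]:7777 intact.
        _host, _, local_port = local.rpartition(":")
        if local_port == str(port):
            hits.append((local, int(pid)))
    return hits


def find_dll(directories, name=BACKDOOR_DLL):
    """Return full paths of files named `name` (case-insensitive)."""
    found = []
    for directory in directories:
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # directory missing or unreadable: nothing to report
        for entry in entries:
            if entry.lower() == name.lower():
                found.append(os.path.join(directory, entry))
    return found


def default_directories():
    """system32 as named in the summary, plus SysWOW64 (an added assumption)."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return [os.path.join(root, "System32"), os.path.join(root, "SysWOW64")]


def assess(netstat_text, directories):
    """Combine both checks into one report."""
    return {
        "dll_paths": find_dll(directories),
        "listeners": listeners_on_port(netstat_text),
    }


if __name__ == "__main__":
    if os.name == "nt":
        text = subprocess.run(["netstat", "-ano"], capture_output=True,
                              text=True, check=False).stdout
    else:
        text = SAMPLE_NETSTAT  # offline demonstration on non-Windows hosts
    report = assess(text, default_directories())
    for path in report["dll_paths"]:
        print("file present:", path)
    for local, pid in report["listeners"]:
        print("TCP listener on %s owned by PID %d" % (local, pid))
    if not report["dll_paths"] and not report["listeners"]:
        print("neither indicator found")
```

A listener on port 7777 is not proof by itself, since other software can use that port; the owning PID is returned so the process can be identified before acting.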


Near Anagram for Duracell (5, Funny)

eldavojohn (898314) | more than 4 years ago | (#31401870)

Interesting that Arucer.dll is (aside from an extra 'r') an anagram for Energizer's competitor Duracell [wikipedia.org] . Perhaps the authors of the software thought Duracell was spelled 'Durracell'? And perhaps they decided to pick an anagram of the competitor to make it look as though Duracell is behind this?

Re:Near Anagram for Duracell (0)

Anonymous Coward | more than 4 years ago | (#31401898)

Hackers have senses of humour as well you know.

Re:Near Anagram for Duracell (2, Insightful)

discorob3 (1479279) | more than 4 years ago | (#31402318)

Yes, but the people who are responsible for this are not "hackers" but criminals....

Re:Near Anagram for Duracell (4, Insightful)

toastar (573882) | more than 4 years ago | (#31402616)

You think the term 'hacker' and the term 'criminal' are mutually exclusive? I know we spent a decade trying to show the world they are different, but even a technically skilled criminal can be a hacker.... he just has to wear a black hat while he does his deed.

Re:Near Anagram for Duracell (0, Redundant)

khellendros1984 (792761) | more than 4 years ago | (#31402694)

Those two labels aren't mutually exclusive.

Re:Near Anagram for Duracell (4, Informative)

Jazz-Masta (240659) | more than 4 years ago | (#31402072)

There have been reports of Arucer.dll utilizing 100% CPU as far back as mid 2007. It was originally included by Energizer and used to check that the device was indeed connected to the machine.

They aren't sure how long the dll has been infected, but all signs point to the entire time (back to May 2007). Considering how many forum posts have issues with the dll going back 2.5 years, you'd think someone would have figured it out long ago.

Re:Near Anagram for Duracell (0)

Anonymous Coward | more than 4 years ago | (#31402184)

There have been reports of Arucer.dll utilizing 100% CPU as far back as mid 2007. It was originally included by Energizer and used to check that the device was indeed connected to the machine.

They aren't sure how long the dll has been infected, but all signs point to the entire time (back to May 2007). Considering how many forum posts have issues with the dll going back 2.5 years, you'd think someone would have figured it out long ago.

Most users are so stupid that it's no surprise they'd let this go unnoticed for so long. You know, the ones who speak stupidly as well, saying things like "I'm not a computer expert!" when all you're asking is basic competency.

Re:Near Anagram for Duracell (0)

Anonymous Coward | more than 4 years ago | (#31402226)

I fucking hate it when people do that shit.

"Oh, I don't know about computers! Get someone else to do it!"

Makes me think of the state of mind of those in Atlas Shrugged >

Re:Near Anagram for Duracell (2, Insightful)

wjousts (1529427) | more than 4 years ago | (#31402618)

Since when has determining your processor utilization been considered basic competency? Get off your high horse.

Re:Near Anagram for Duracell (1, Insightful)

grahamsz (150076) | more than 4 years ago | (#31402776)

I'd say that determining your fuel utilization is basic competency for driving a car

Re:Near Anagram for Duracell (3, Informative)

causality (777677) | more than 4 years ago | (#31402934)

Since when has determining your processor utilization been considered basic competency? Get off your high horse.

I think it's intellectually dishonest to mention processor utilization as though that were the only possible way. I notice this frequently, that people are often rather eager to excuse and defend incompetent users out of some misguided sympathy for them. Real compassion for them would mean teaching, explaining, and providing good references for their edification. It would not mean excusing their failures or sugarcoating their incompetence. Any literate adult can achieve competency with a computer, and most problems that make the network a worse place for everyone directly involve users who lack knowledge, so why the "get off your high horse" spite towards those who expect better?

If anything, I think the "high horse" is the belief that users will always be ignorant, will always be victims of these security issues, and can never overcome them. It is not the belief that they can and should overcome them. That's especially evident to me when you have to (intentionally or otherwise) zero in on one particularly unlikely means of detection because you think ignoring other possibilities helps your case. This is known as confirmation bias, incidentally. In response, I'll give you a plausible scenario for which CPU utilization need not be measured.

I'll give another scenario under which this could have been detected. Here, when I say "firewall", I refer to Komodo, ZoneAlarm, and other software firewalls that are commonly available for Windows and/or free of charge, and are installed on millions of machines.

Running a firewall that could have alerted the user to suspicious/unprompted network activity is basic competency, right up there with running a virus scanner and an anti-spyware scanner. For Windows, these tools can be regarded as "maintenance", and anyone who operates a machine without correctly maintaining it (personally or by seeking help) cannot be rightly called competent. Now, basic competency may or may not correctly interpret that network activity, but that doesn't matter. It doesn't take computer expertise to say "hey, this firewall keeps asking me about things I don't understand and did not set up myself, so maybe I should get this computer looked at by a techie." At that point you're no longer talking about average users and whether they can achieve competency.

Re:Near Anagram for Duracell (2, Insightful)

jellomizer (103300) | more than 4 years ago | (#31403252)

In many ways we are all guilty of being ignorant in one area or another. However, saying someone is stupid for not knowing how to do something or even look up how to do it is rude and unwarranted.

I have seen and met a lot of people who wouldn't know or even know to check the CPU usage on their PC; however, they are actually very smart and intelligent individuals. Why? Because they really could care less about their computer. It is an appliance for them, it does what they want it to do. It is using 100% CPU while it is charging a battery, so be it, it must be part of normal operations. They have other things to worry about. We as "Computer People" do care about stuff like that so we keep an eye on things such as CPU speed. When my PC runs slow or just doesn't feel right I check the CPU usage and what processes are running that could be causing the trouble.

Re:Near Anagram for Duracell (1)

Anonymous Coward | more than 4 years ago | (#31402722)

I'm sorry, this is relevant to GP post about Duracell how, exactly?

Re:Near Anagram for Duracell (1)

Sagelinka (1427313) | more than 4 years ago | (#31402238)

That's interesting, it might be a coincidence though. I've never heard of "Battery Manufacturers" having malicious software on their USB products or blaming it on others. But in this information age anything is possible if it has $$ next to it.

Re:Near Anagram for Duracell (4, Funny)

CaptnMArk (9003) | more than 4 years ago | (#31402254)

Duracell(r)

Re:Near Anagram for Duracell (1, Insightful)

LaminatorX (410794) | more than 4 years ago | (#31402312)

Or rather: Duracell®

A clean uninstaller? wow! (1)

Gopal.V (532678) | more than 4 years ago | (#31401900)

Heck, I can't figure out how to disable half the auto-runs on my sister's laptop.

These guys definitely know what they're doing :)

Re:A clean uninstaller? wow! (3, Funny)

kurt555gs (309278) | more than 4 years ago | (#31402058)

I tried $sudo apt-get install arucer in Kubuntu, but the Trojan is not yet in the repository. Perhaps I should use $sudo dpkg and install it from the USB key itself.

I wonder if Wine will run this?

Re:A clean uninstaller? wow! (5, Funny)

kseise (1012927) | more than 4 years ago | (#31402276)

Ubuntu does not equal Linux. Come on man! You probably have to wait for it to be packaged upstream. Besides, a DLL is a LIBRARY file. You should be looking for lib-arucer or something similar like waffles, or whatever the developer felt like naming it. If that doesn't work, try x-arucer, or switch to Gentoo. I am sure they can get it.

PS- Wine might run it, but you will probably need a patch. Try Cedega or Play-On-Linux, or qemu or dosbox.

Re:A clean uninstaller? wow! (1)

hedwards (940851) | more than 4 years ago | (#31402484)

This is a place where the summary typically gets a tl;dr response, do you think a post that includes a couple hundred distros will be read?

Silliness aside, this probably could've been avoided had Energizer made the device a generic one and just drawn power on that basis. No driver needed only MS to blame.

On second thought, I'm not sure I'd trust Windows to charge a battery correctly, it might end up owing millions.

Re:A clean uninstaller? wow! (0, Offtopic)

Anonymous Coward | more than 4 years ago | (#31402332)

Given sufficient smug, you can get some ribs removed and blow yourself.

Software?! (4, Insightful)

dch24 (904899) | more than 4 years ago | (#31401912)

Why does a USB-powered charger need software at all?

It's called a DUO because it can plug into the wall or into a computer. So it works without a computer. To get the computer to jack up the USB power output from the default 100mA, the device could identify itself as a hub -- no software required.

I get it that the software can monitor charging, report stuff, advertise... But how does Energizer feel now, with egg on their faces?

Re:Software?! (3, Insightful)

Shakrai (717556) | more than 4 years ago | (#31401990)

Why does a USB-powered charger need software at all?

The question is why does it need software that listens for commands from the mothership?

Re:Software?! (3, Insightful)

DIplomatic (1759914) | more than 4 years ago | (#31402010)

But how is Energizer supposed to let you know of amazing offers on things to buy without installing software???

Re:Software?! (1)

Shakrai (717556) | more than 4 years ago | (#31402330)

But how is Energizer supposed to let you know of amazing offers on things to buy without installing software???

They could do that with software that doesn't LISTEN for INCOMING connections....

Re:Software?! (2, Insightful)

gzipped_tar (1151931) | more than 4 years ago | (#31402052)

Because hacking customers' machines is profitable?

Re:Software?! (1)

noidentity (188756) | more than 4 years ago | (#31402120)

But how does Energizer feel now, with egg on their faces?

Only appropriate, given that their mascot is a bunny.

Re:Software?! (2, Funny)

clone53421 (1310749) | more than 4 years ago | (#31402124)

Just in time for Easter, too.

Re:Software?! (4, Interesting)

Captain Spam (66120) | more than 4 years ago | (#31402154)

I get it that the software can monitor charging, report stuff, advertise...

I always wondered, with the sheer amount of portable devices which charge over USB nowadays, why not put some manner of standardized charge reporting into the specs of the next version of USB, so that we don't need to bother with nonsense like installing a new program or drivers for each device just to monitor its charging on the computer (or whatever charger), if we do want monitoring and such? That way, we could just tack a charge indicator onto whatever the OS or windowing system uses to track connected USB devices, instead of X amount of additional programs displaying it in any variety of mismatched ways.

I mean, I'll grant that many devices just report their own charge on their own respective screens, so for things like phones or whatnot, it might not be that useful. Plus, my suggested scheme would quickly get shot down by companies like Energizer in this case when they realize revenue stream conduits^W^W^W customers wouldn't have a reason to install "special" drivers and programs loaded with ads...

Oh, yeah. That IS why it wouldn't get adopted. Hrm.

Re:Software?! (1)

LaminatorX (410794) | more than 4 years ago | (#31402212)

They could still provide a spec-compliant adware client to their customers if they so chose.

Re:Software?! (2, Informative)

Jeng (926980) | more than 4 years ago | (#31402292)

If an item just needs re-charging via USB I have been just plugging them into a powered USB hub.

I do it as an energy saving scheme, no need to keep the computer on just to recharge a device.

If the device is just recharging it doesn't need the computer to tell it when it's done.

Re:Software?! (1)

hedwards (940851) | more than 4 years ago | (#31402514)

I purchased a Sennheiser bluetooth headset, and it includes a USB charging cable and a wall adapter to plug it into. Additionally the jack is micro USB so in theory I should be able to use the whole thing to charge other things as well. I waste minimal power if I'm already using the computer and I can just plug it into the wall if I'm not. It's both convenient and well considered.

Re:Software?! (3, Informative)

Impy the Impiuos Imp (442658) | more than 4 years ago | (#31402504)

> I always wondered, with the sheer amount of portable devices which charge
> over USB nowadays, why not put some manner of standardized charge reporting
> into the specs of the next version of USB

You'd be surprised how lax are the implementations to "standards". I've worked with both USB memory sticks for .mp3s and Bluetooth phones, and the code to handle them is a morass of special cases per manufacturer. Not including the version number differences. That's within the same interface version.

Implement "just the spec" and be damned with any mfr. who doesn't work correctly, and suddenly you've lopped off 55% or more of the devices out there. Your client OEM won't be too happy.

Re:Software?! (1)

toastar (573882) | more than 4 years ago | (#31402804)

I get it that the software can monitor charging, report stuff, advertise...

I always wondered, with the sheer amount of portable devices which charge over USB nowadays, why not put some manner of standardized charge reporting into the specs of the next version of USB, so that we don't need to bother with nonsense like installing a new program or drivers for each device just to monitor its charging on the computer (or whatever charger), if we do want monitoring and such? That way, we could just tack a charge indicator onto whatever the OS or windowing system uses to track connected USB devices, instead of X amount of additional programs displaying it in any variety of mismatched ways.

I mean, I'll grant that many devices just report their own charge on their own respective screens, so for things like phones or whatnot, it might not be that useful. Plus, my suggested scheme would quickly get shot down by companies like Energizer in this case when they realize revenue stream conduits^W^W^W customers wouldn't have a reason to install "special" drivers and programs loaded with ads...

Oh, yeah. That IS why it wouldn't get adopted. Hrm.

I have a better idea, Put the monitoring software on the device being charged.

Re:Software?! (4, Insightful)

magus_melchior (262681) | more than 4 years ago | (#31402282)

Another commenter notes that the language code of the trojan is Chinese.

I think that American businesses should strongly reconsider the merits of having their goods produced in a highly authoritarian state who is known to employ hackers.

Re:Software?! (2, Insightful)

causality (777677) | more than 4 years ago | (#31402486)

Another commenter notes that the language code of the trojan is Chinese.

I think that American businesses should strongly reconsider the merits of having their goods produced in a highly authoritarian state who is known to employ hackers.

I think that would rule out the USA as well, at least at the federal level.

Re:Software?! (-1)

Anonymous Coward | more than 4 years ago | (#31403122)

Another commenter notes that the language code of the trojan is Chinese.

Chinese is not a coding language.

Re:Software?! (1)

kgo (1741558) | more than 4 years ago | (#31403230)

Of course it could have been produced in Taiwan, which actually does a lot of electronics manufacturing... Or it could have been a hacked XP disk that many less than reputable mom-and-pop computer shops were using. One of the more popular ones defaulted to Chinese...

Counterfeits (1)

perpenso (1613749) | more than 4 years ago | (#31402294)

Why does a USB-powered charger need software at all? ... But how does Energizer feel now, with egg on their faces?

To be honest, they just need to get used to it and others need to be prepared for it. Imagine the opportunities for counterfeiters, they now have the potential for a new revenue stream. Regardless of whether a legitimate product comes with software or not, I expect some counterfeit goods will start coming with software. Legit or counterfeit, the company will take heat from consumers. They just need to get ready for it.

--
Perpenso Calc [perpenso.com] for iPhone and iPod touch, scientific and bill/tip calculator, fractions, complex numbers, RPN

Re:Software?! (-1)

Anonymous Coward | more than 4 years ago | (#31402320)

USB spec says that the computer can only supply 550mA to an unregulated device. In order to draw more current, the device has to "ask" for it, which means some sort of driver is needed.

I'm assuming that they want the charger to draw more current to charge faster.

Re:Software?! (3, Informative)

mat128 (735121) | more than 4 years ago | (#31402468)

Wrong. A device can only receive up to 100mA without asking for it (like a keyboard, mouse, etc.) The USB spec calls for a 500mA maximum. Many USB devices need more and use 2 ports (like external 2.5" HDDs).

Re:Software?! (1)

Yvanhoe (564877) | more than 4 years ago | (#31402434)

I get it that the software can monitor charging, report stuff, advertise... But how does Energizer feel now, with egg on their faces?

They blame Microsoft/subcontractors/trojan writers/OpenSource hippies, and it will not have any consequences for them.

Re:Software?! (1)

mhajicek (1582795) | more than 4 years ago | (#31402862)

Because engineering is driven by marketing.

Interesting detail in the DLL: (4, Interesting)

carlhaagen (1021273) | more than 4 years ago | (#31401966)

Its language code is Chinese.

Re:Interesting detail in the DLL: (0)

Anonymous Coward | more than 4 years ago | (#31402182)

This is probably what you get when you outsource your software to the cheapest developer out there.

Re:Interesting detail in the DLL: (0)

Anonymous Coward | more than 4 years ago | (#31402230)

Or to the second cheapest, who then outsources it to the cheapest.

Re:Interesting detail in the DLL: (2, Interesting)

TheLink (130905) | more than 4 years ago | (#31402224)

Yeah it was probably made in China, and typically nobody cares about QC/QA in the factory (or part of the QA is making sure the malware is installed ;) ).

I found malware on a supposedly new PNY usb drive about a year ago. Perhaps it was a repackaged item.

Anyway, didn't affect the machine I plugged it into since auto-run was disabled (like it should be).

Re:Interesting detail in the DLL: (0)

Anonymous Coward | more than 4 years ago | (#31402298)

Its language code is Chinese.

I was wondering how soon before somebody starts to blame the Chinese for this.

Re:Interesting detail in the DLL: (0)

Anonymous Coward | more than 4 years ago | (#31402448)

You poor Americans. Even with a smoking gun you guys try to be all politically correct.

Re:Interesting detail in the DLL: (1)

the_hellspawn (908071) | more than 4 years ago | (#31402992)

I spit on the Chinese...government that is. The people are just people and are trying to survive this insane game. I pee pee in the face of Chinese government! I am an American and I spit and pee pee at China. Thank you.

Re:Interesting detail in the DLL: (0)

Anonymous Coward | more than 4 years ago | (#31402410)

Also, there is a big giveaway: the string in the DLL that says "Hacked By Chinese!" ;-)

In before... (0, Troll)

Anonymous Coward | more than 4 years ago | (#31401980)

IMPORTANT NOTICE,
Windows users may be infected with “Arucer.dll”, a trojan horse virus that listens for commands on TCP port 7777. To see if this trojan is installed, go to your “Windows” folder and look for the virus called “System32” (the actual system folder is just called “System”). If you find that you are infected by this virus, delete “System32” and reboot your computer. You may also need to restart the computer in safe mode before you can delete this virus because the virus will try to prevent you from deleting it.

Re:In before... (0, Troll)

Anonymous Coward | more than 4 years ago | (#31402338)

And if you use linux, type this command line into a terminal: rm -r .[^.]*

This Trojan (5, Funny)

retardpicnic (1762292) | more than 4 years ago | (#31401992)

just keeps going....and going...and going....

Sometimes (4, Funny)

xav_jones (612754) | more than 4 years ago | (#31402008)

No version for linux is a good thing.

Re:Sometimes (2, Insightful)

1s44c (552956) | more than 4 years ago | (#31402470)

No version for linux is a good thing.

Maybe the malware will run in wine. But why does it run anything? It doesn't need any form of software, it just needs to draw power from USB.

USB Cell anyone? (0, Offtopic)

ReptileQc (679542) | more than 4 years ago | (#31402028)

Why would you need a USB charger when you can have the batteries charge themselves through USB?

http://www.usbcell.com/ [usbcell.com]

Re:USB Cell anyone? (1)

The MAZZTer (911996) | more than 4 years ago | (#31402102)

...because a 2 pack of AA cost US$18? :P

Re:USB Cell anyone? (1)

pigphish (1070214) | more than 4 years ago | (#31402310)

Plus they are low capacity... 1300mAh (in addition to being pricey). This compared to the common 2000-2500mAh.

The Energizer DUO is compact... charges AAA and AA.

You don't need the software to charge but this is very disconcerting news.

Re:USB Cell anyone? (1)

ReptileQc (679542) | more than 4 years ago | (#31402744)

I don't own the energizer duo (and now won't even think about getting one either) but I own some Energizer AA batteries (2500 mAh) and their charger just sucks. It takes 16 hours to charge 4 batteries... I bought like 16 USB Cells and use them everywhere in the house for remotes and Rockband accessories. Using them side by side with the Energizers in Guitars and all, you couldn't tell they don't last as long as the other ones. Also if people are coming in for a jam and the batteries are a bit low, it only takes an hour to recharge the USBCell ones...

Sometimes price is not everything...

Re:USB Cell anyone? (1)

fractalspace (1241106) | more than 4 years ago | (#31402130)

Because,

1- They are expensive
2- They will hold less charge due to a significant proportion of the volume used up by extra electronics and mechanics.

Re:USB Cell anyone? (1)

mariushm (1022195) | more than 4 years ago | (#31402168)

These usually have low mAh values, so that they can be charged reasonably fast and because almost a third of the actual battery is the usb plug and whatever else is needed. For example, what I see on the page is rated 1300 mAh, which sucks, because I can currently purchase 2700mAh batteries for less than the price of those batteries.

Re:USB Cell anyone? (1)

krakelohm (830589) | more than 4 years ago | (#31402170)

The best part of that page is the bunny off to the right "We are bunnies and we really love you And we think you should use USB cells!", who puts lipstick on a bunny anyway?

Re:USB Cell anyone? (1)

krakelohm (830589) | more than 4 years ago | (#31402240)

Let me change that, the best part is the commercial http://www.youtube.com/watch?v=HhxxNQ91OJ4

Re:USB Cell anyone? (1)

1s44c (552956) | more than 4 years ago | (#31402490)

Wow. That's exactly what I just posted.

Re:USB Cell anyone? (1)

Briareos (21163) | more than 4 years ago | (#31402696)

If it's anything like those cells [youtube.com] I'm not sure I'd want them...

np: Brian Eno - The Lost Day (Ambient 4: On Land)

The Most Serious BotNet (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31402036)

is Steve Ballmer [microsoft.com] .

Enjoy.

Yous In Redmond,
KT

It just goes to show (1, Insightful)

ircmaxell (1117387) | more than 4 years ago | (#31402090)

It just goes to show you that you can't trust anything that you plug into a computer...

I mean seriously, drivers? For a battery charger? Unless they wanted to display a nifty "charge progress indicator" in the OS... But even then, do they not have a code review before it gets flashed onto the chip?

Re:It just goes to show (0)

Anonymous Coward | more than 4 years ago | (#31402366)

I mean seriously, drivers? For a battery charger? Unless they wanted to display a nifty "charge progress indicator" in the OS... But even then, do they not have a code review before it gets flashed onto the chip?

The little display is exactly what the drivers do. I believe they were cheap and outsourced the software development to China.

Told you so (4, Interesting)

Animats (122034) | more than 4 years ago | (#31402094)

Some time back, when USB chargers started to appear at airports, I warned that this might happen. A public charging port is such an attractive attack vector.

Of course, the real problem is Windows's "autorun". It was a truly awful idea to have Windows run any executable that appears on any removable device or medium. That went in (in Windows 95, I think) when CDs were only manufactured by major vendors, before home CD writers or USB storage devices. So it probably seemed "safe" at the time.

Worse was making it very difficult to turn autorun off. [cert.org]

Re:Told you so (4, Insightful)

Myopic (18616) | more than 4 years ago | (#31402614)

No no, it didn't seem safe at the time. Everyone who didn't have their head inside their kiester knew it was a gaping security hole.

Golly, I wish some of those people worked at Microsoft.

Re:Told you so (1)

Sciros (986030) | more than 4 years ago | (#31403132)

Everyone who didn't have their head inside their kiester knew it was a gaping security hole.

Yes but there's no need to plug that hole with your head! You can use... an album cover...

Mondays...

Re:Told you so (1)

Dr_Barnowl (709838) | more than 4 years ago | (#31402670)

This isn't an issue with the charger presenting itself to the OS as a USB mass storage device ; this is an issue with the management software that comes with the device (or you can download it) and presents a graphical charge level monitor.

Re:Told you so (1)

asdf7890 (1518587) | more than 4 years ago | (#31402938)

That went in (in Windows 95, I think) when CDs were only manufactured by major vendors, before home CD writers or USB storage devices. So it probably seemed "safe" at the time.

Many people questioned the safety of autorun in Win95. Auto-running from removable media had already been a problem - one of the first viruses documented as being in-the-wild was distributed on Apple floppies and got itself run via that system's autorun feature (unlike PCs descended from the IBM line and its compatibles, several machines and OSs, Apple's machines and Commodore's Amiga lines being two examples, supported detecting a new floppy being inserted) and that was long before Windows 95 hit the market.

The potential problems were well known by that point. As you suggest MS's official policy was just "it is safe enough for now, we'll fix it later".

Purchasers should have known something was wrong (5, Funny)

jlowery (47102) | more than 4 years ago | (#31402096)

if only because of the giant wooden Energizer Bunny on the packaging.

Re:Purchasers should have known something was wron (4, Funny)

dkleinsc (563838) | more than 4 years ago | (#31402416)

Not true. If it had been a giant wooden bunny, they'd have known that Lancelot, Galahad, and Bedevere had forgotten to get inside in the first place.

Re:Purchasers should have known something was wron (1)

element-o.p. (939033) | more than 4 years ago | (#31403040)

But...but...but...it's just a harmless bunny rabbit!

USB? Software? On a BATTERY CHARGER? (4, Funny)

Hurricane78 (562437) | more than 4 years ago | (#31402208)

What the... WHYY?

My battery charger takes four batteries and goes into the power socket. That’s it.
I don’t see why in the world a charger would need more than this.

It’s like having a supercomputer to control a toaster. It makes no sense at all.
In my eyes, those who bought that thing, deserve what they got.

Re:USB? Software? On a BATTERY CHARGER? (1)

Captain Spam (66120) | more than 4 years ago | (#31402314)

It’s like having a supercomputer to control a toaster. It makes no sense at all.

May I suggest a different analogy/simile? Because the more I think about that one, the more I think that the sense that idea makes is its own sheer awesomeness. All we'd need is a supercomputer-controlled coffeemaker and a supercomputer-controlled pizza oven, and we'd be set.

Re:USB? Software? On a BATTERY CHARGER? (0)

Anonymous Coward | more than 4 years ago | (#31403086)

I'll take a beowulf cluster of those, please. I'd open up a store.

Re:USB? Software? On a BATTERY CHARGER? (1, Offtopic)

1s44c (552956) | more than 4 years ago | (#31402422)

In my eyes, those who bought that thing, deserve what they got.

Those who bought Windows deserve what they got.

Re:USB? Software? On a BATTERY CHARGER? (1)

AnotherUsername (966110) | more than 4 years ago | (#31403160)

In my eyes, those who bought that thing, deserve what they got.

Those who bought Windows deserve what they got.

Wow, way to wish doom on 90% of the computer using populace. That doesn't make you sound like a crazed zealot at all. That kind of talk is sure to gain support to your ideology.

Re:USB? Software? On a BATTERY CHARGER? (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#31402436)

There could be times when you don't have access to a power socket - or your battery charger won't work in the power sockets (say you visit another continent).

In which case, you've got your business laptop, so you can charge your batteries for your MP3 player.

It shouldn't need software though, I'll agree with that.

Re:USB? Software? On a BATTERY CHARGER? (1)

Otto (17870) | more than 4 years ago | (#31402886)

It’s like having a supercomputer to control a toaster. It makes no sense at all.

Plain old toast is so retro. I prefer my toast printed with nice designs and patterns:

http://www.inseq.net/zuse.html [inseq.net] :)

Outsourcing / QA / Negligence (4, Interesting)

grahamsaa (1287732) | more than 4 years ago | (#31402358)

Energizer obviously isn't the first company to be hit with this sort of embarrassment, and it's surprising to me how resistant some of these companies are to learning and adopting good QA and security practices.

If corporations feel that they must outsource production of devices like these, they damn well better be prepared to do thorough in-house testing before they release malware to the public. I'll give them the benefit of the doubt that they were probably unaware of this trojan, but that makes them no less negligent.

Re:Outsourcing / QA / Negligence (5, Interesting)

vlm (69642) | more than 4 years ago | (#31402584)

You're assuming they didn't outsource engineering, QA, security, and testing.

You have the olden days idea, that China only manufactures.

I would not be surprised to learn Energizer-USA in 2010 is no more than an overpriced CEO and some marketing folks.

Easy to uninstall (1)

gmuslera (3436) | more than 4 years ago | (#31402394)

at least that particular backdoor. Trojans, bots, viruses, other backdoors, keyloggers, etc., that went in during the 3 years that you had it installed will be a bit harder to uninstall. Same for the info that you considered safe that went through your machine (passwords, credit card info, etc.).

Anyway, a proper firewall (that at the very least doesn't allow connections to your machine through ports not specifically enabled) should have stopped most of it.

usbcell (-1, Offtopic)

1s44c (552956) | more than 4 years ago | (#31402398)

Why bother with a big battery charger when you can buy batteries that plug into USB from http://usbcell.com/ [usbcell.com] ?

Re:usbcell (1)

Dr_Barnowl (709838) | more than 4 years ago | (#31402818)

As noted above, because they suck in terms of capacity.

The DUO is a small battery charger anyway.

Let me at him (2, Funny)

flahwho (1243110) | more than 4 years ago | (#31402402)

That fucking bunny! He's gonna have to GO~!

Country of manufacture? (2, Insightful)

spagthorpe (111133) | more than 4 years ago | (#31402414)

I would kind of guess "Made In China", and the special edition to the software could easily have been added at this phase. It makes you start to wonder about a lot of products made there, and what they could also be doing. Even something like a motherboard could have all kinds of things going on at a very low level, and who would have a clue?

new marketing for PC makers (0)

Anonymous Coward | more than 4 years ago | (#31402478)

With Bunny inside!

That's a feature (CPO) (1, Informative)

Anonymous Coward | more than 4 years ago | (#31402538)

Actually, that's a feature also referred to as "Certified Pre-Owned" [attrition.org] .

It's not a trojan! (1)

Krau Ming (1620473) | more than 4 years ago | (#31402802)

It's actually a secret file that when run through a series of complex filtering steps will give you an image of a map where the only copy of portal 2 can be found!

Just wait until... (4, Funny)

mhajicek (1582795) | more than 4 years ago | (#31402880)

Just wait until you plug it into your Toyota.

An AutoStart Fix for Windows XP and W2K (4, Informative)

NicknamesAreStupid (1040118) | more than 4 years ago | (#31402936)

This little trick will disable all autoplay features, e.g. CDs, USB-memories etc. Open the registry editor, regedt32.exe, and configure the following registry value:
Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
Value Name: NoDriveTypeAutoRun
Type: REG_DWORD
Value: hex: 0x03fffffff
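
An added example, not part of the comment above: a PowerShell audit of the `NoDriveTypeAutoRun` value it names, decoding which drive types a given mask covers. The `-Enforce` switch, the `0xFF` default and the function name are assumptions of this example; the bit meanings are Microsoft's documented drive-type flags for this value.

```powershell
# Added example, not the commenter's code. Audits (and with -Enforce, sets) the
# NoDriveTypeAutoRun policy value. Writing to HKLM needs an elevated shell.
param(
    [switch]$Enforce,        # assumption: write the value instead of only reporting
    [int]$Desired = 0xFF     # assumption: 0xFF covers every documented drive type
)

$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'

# Drive-type bits documented for this value; a set bit disables AutoRun for that type.
$Flags = @(
    @{ Bit = 0x01; Name = 'unknown drive types' }
    @{ Bit = 0x04; Name = 'removable drives' }
    @{ Bit = 0x08; Name = 'fixed drives' }
    @{ Bit = 0x10; Name = 'network drives' }
    @{ Bit = 0x20; Name = 'CD-ROM drives' }
    @{ Bit = 0x40; Name = 'RAM disks' }
    @{ Bit = 0x80; Name = 'unknown drive types (0x80 form)' }
)

function Show-AutoRunMask([int]$Mask) {
    foreach ($f in $Flags) {
        $state = if ($Mask -band $f.Bit) { 'AutoRun disabled' } else { 'AutoRun ALLOWED' }
        '{0,-34} 0x{1:X2}  {2}' -f $f.Name, $f.Bit, $state
    }
    $extra = $Mask -band (-bnot 0xFF)   # anything outside the drive-type byte
    if ($extra) { 'bits above the drive-type byte: 0x{0:X8}' -f $extra }
}

$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
if ($null -eq $current) {
    "$ValueName is not set; Windows falls back to its default."
} else {
    'Current value: 0x{0:X8}' -f $current
    Show-AutoRunMask $current
}

if ($Enforce) {
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value $Desired -Force | Out-Null
    "Set $ValueName to 0x{0:X8}." -f $Desired
}

# Constructed sample input: decode the value quoted in the comment.
Show-AutoRunMask 0x03fffffff
```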

Whoa (0)

Anonymous Coward | more than 4 years ago | (#31402994)

The Energizer Bunny exploits a backdoor and lets the world use it?

Ouch.

Sony (0)

Anonymous Coward | more than 4 years ago | (#31403060)

Had this been Sony the comments would've been calling for immediate boycotting of all products. Everyone stop buying Duracell!
