As per an advisory issued by the Department of Homeland Security, a software bundle that comes with the Energizer DUO USB battery charger contains a Trojan horse that has been known to infiltrate and infect Microsoft Windows based computers. The Trojan horse was discovered by the US-CERT (United States Computer Emergency Readiness Team), a branch of the U.S DHS, that has been tasked with the protection of cyber space.

The Energizer DUO USB is a USB powered battery charger, that comes with a bundle software which when installed, indicates the recharging status of the battery. However, this software was somehow manipulated and a Trojan horse was inserted was inserted in to the programming. Energizer, which is one of the largest manufacturers of batteries for mobile devices has stated that, it has absolutely so idea, as to how the malicious code was inserted to the software and that, the company is working closely with the US-CERT and other U.S agencies to investigate the incident. The Energizer DUO USB was sold on a large scale in Asia, Europe, Latin America and the United States in the year 2007, but was later discontinued.

According to the experts, when the users installed the bundled software, the malicious code in the software created a file known as ‘Arucer.dll’, that was designed specifically to listen to a computer’s TCP port 7777 and acts as a Trojan horse. Once activated, this intruder could download and execute files without the user’s content and was enabled to transmit the files stolen from the computers. This Trojan is self activated, the moment a computer is turned and works as a stand alone unit, even if the USB charger is disconnected.

The US-CERT has issued preventive measures for the users of the Energizer charger, which include the uninstallation of the software, that would render the Trojan horse inoperable. Furthermore, users have been urged to delete the Arucer.dll file from the Windows’ “system32? directory, then restart the machine.

Via Computer World