Jump to content

Energizer Duo USB battery charger

Curioddity
Followers 0

Recommended Posts

dakboy

+dakboy

Posted
Posted

If you have the Energizer Duo USB battery charger and if you installed the widget program on Widows and if you don't have a firewall on your computer. Please have a look to ...

Regardless, there is no reason at all for such a device to even attempt to introduce such a program into a host computer. Rather than blame the victim (people who installed the widget, expecting useful functionality), let's ask Energizer why they're opening vulnerabilities on their customers' PCs without their knowledge.

Link to comment
ecanderson

+ecanderson

Posted
Posted
And yet...I run a real OS, and am therefor in no danger whatsoever.

 

Can someone please explain to me why the most expensive consumer operating system is the least secure -- or at least why people keep buying it?

Apart from the fact that the biggest target gets the most attention, be aware that if someone wanted to play this particular game on YOUR OS, it would be easy enough to do. This wasn't a particularly sophisticated hack. It was a back door in a piece of software you might have installed yourself. Your OS just doesn't have enough market share to garner the attention of those out to have a bit of fun at your expense.
Link to comment
sim_v

+sim_v

Posted
Posted

Rather than blame the victim (people who installed the widget, expecting useful functionality), let's ask Energizer why they're opening vulnerabilities on their customers' PCs without their knowledge.

 

I would only point that the backdoor run only on windows computer and is passive (wait order from internet). A firewall wil block incoming connection on a big part of computer.

Drivers with the backdoor are available for download since 2007.

Link to comment
dakboy

+dakboy

Posted
Posted

Rather than blame the victim (people who installed the widget, expecting useful functionality), let's ask Energizer why they're opening vulnerabilities on their customers' PCs without their knowledge.

 

I would only point that the backdoor run only on windows computer and is passive (wait order from internet). A firewall wil block incoming connection on a big part of computer.

You're only pointing out the obvious - if you follow good security practices, your vulnerability is minimal.

 

But there are millions of computers that are members of botnets passively waiting to be given commands to unleash attacks and spam, so it's clear that many people don't do this. Computers infected with this DLL can become agents of those botnets and create their own. As you point out, this has been in the wild for 3 years - there may be botnets which were created or expanded via this thing already, we may never know.

 

It only listens passively until it's sent instructions to execute programs. Then it can cause any kind of havoc the controller wants. Read that CERT assessment:

An attacker is able to remotely control a system, including the ability to list directories, send and receive files, and execute programs. The backdoor operates with the privileges of the logged-on user.
Most home users run with elevated or semi-elevated privileges. Once it receives instructions, it can literally do anything.

 

Stop shifting blame onto the victims. This never should have been put on the computer in the first place. Energizer distributed this, knowingly or otherwise; they are responsible.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 0
Go to topic listing
×
×
  • Create New...