Bad Bunny! Energizer USB battery charger blamed for backdoor

Energizer Bunny
It looks like it’s time to remind everyone that malware isn’t just something you download from the internet, or find attached to an email, or even discover lurking on a CD. Any time you plug a storage device into your computer you are potentially exposing it to any malicious code which might reside on the unit.

So, that means that you have to be conscious that all sorts of items can carry malware, and could transmit it to your laptop or desktop computer if you attach it. It doesn’t matter if it’s an iPod, a BlackBerry, a sat-nav, or a digital photo frame.

If it’s got the ability to store data, it can store malware too.

The latest warning comes from US-CERT, who advise that software that comes with the Energizer DUO USB NiMH battery charger is infected with a backdoor Trojan horse, capable of infecting Windows PCs.

Sophos detects the Trojan horse as Troj/Bckdr-RBF.

It’s not yet known how the software, which is designed to display a battery’s charge level, became infected. It’s clear, however, that a more stringent quality control procedure might have saved consumers’ computers and Energizer’s blushes.

Read more information in the advisory from US-CERT.

Update: There appears to be some confusion about whether the Energizer DUO USB NiMH battery charger shipped with the infected software, or whether it was made available by Energizer separately.

Clu-blog reader Kurt Wismer (who knows a thing or two about malware) says he has one of these Energizer chargers and it didn’t come packaged with malware-infected software.

Either way, be careful out there!