Last Updated: 2010-03-09 10:09:31 UTC
by Marcus Sachs (Version: 2)
We received several emails today about the US-CERT analysis of Trojan horse software found in an application designed for a battery recharger. Our assessment is that due to the dates involved (2007 and 2008) this is likely related to the rash of malware we reported a couple of years ago that was found on digital photo frames, iPods, GPS devices, and other consumer products. If any of our readers have any additional technical information or observations to share about this case, please use the comment feature below.
Marcus H. Sachs
Director, SANS Internet Storm Center
UPDATE: Due to the high demand and number of notifications from our ISC readers, be aware that yesterday new Nmap and Metasploit modules to detect and exploit this trojan were released.
Verisign have still not revoked the code-signing certificate that this software is signed with and neither does my anti-virus detect the malicious dll.
I think this shows how even software from big companies which is digitally signed cannot always be trusted. Energizer should be taking serious action against their software supplier.
Mar 9th 2010
1 decade ago