The Energizer DUO Trojan: What You Need to Know

Users of Energizer's USB charger are at risk of a security breach, so here's how to protect your system.

The Energizer Bunny keeps going and going, but he picked up a nasty Trojan along the way. The U.S. Department of Homeland Security discovered that Energizer's Duo USB charger left Windows computers open to remote control, thanks to a back door in the product's battery monitoring software. Here's what you need to know:

What is the Energizer DUO?

It's a USB and AC charger for NiMH batteries. Bundled software for Windows and Mac lets you see how much juice is in your batteries. The DUO went on sale in 2007 in the United States. Energizer also released a USB charger without the DUO name and AC functionality in Europe, Latin America and Asia.

What's the problem?

While the hardware alone won't cause any issues, the battery monitoring software for Windows (not the Mac version) installs a backdoor that allows remote access to your computer. That includes "the ability to list directories, send and receive files, and execute programs," according to the United States Computer Emergency Readiness Team.

I have a Duo. Am I in trouble?

Only if you downloaded the Windows software from Energizer's Web site. The product's documentation included a link to www.energizer.com/usbcharger for the download.

How do I remove the Trojan?

First, uninstall the software. This will remove the Windows registry value that executes the Trojan when starting Windows. Restart your computer, then go to the System32 directory in Windows and delete the file "arucer.dll," which is the backdoor component itself. For good measure, you can use a firewall to block access to 7777/tcp, but Energizer doesn't list this step as necessary.
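
To confirm the cleanup worked, the following PowerShell check (an added example, not from Energizer, US-CERT or the original article) looks for the three traces described above. Only the file name arucer.dll and port 7777/tcp come from the article; the SysWOW64 location and the Run registry keys it searches are assumptions about where such traces would normally sit.

```powershell
# Post-cleanup check for the Energizer DUO backdoor (added example).
# From the article: arucer.dll in System32, a startup registry value, 7777/tcp.
# Assumed here: the SysWOW64 copy and the Run-key paths searched below.

$findings = @()

# 1. Backdoor component. On 64-bit Windows a 32-bit installer's System32
#    writes are redirected to SysWOW64, so both directories are checked.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot "$dir\arucer.dll"
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# 2. Startup values that still reference the DLL (uninstalling should remove them).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -notcontains $p.Name -and "$($p.Value)" -match 'arucer') {
            $findings += "Startup entry: $key -> $($p.Name) = $($p.Value)"
        }
    }
}

# 3. Anything still listening on 7777/tcp. Listening rows in netstat show a
#    foreign port of 0, which avoids matching the localized state column.
$listeners = netstat -ano -p tcp |
    Select-String -Pattern '^\s*TCP\s+\S+:7777\s+\S+:0\s'
foreach ($l in $listeners) { $findings += "Listener: $($l.Line.Trim())" }

if ($findings.Count -eq 0) {
    'No trace of arucer.dll, a startup entry referencing it, or a 7777/tcp listener.'
} else {
    $findings
}

# Optional firewall block mentioned above (run from an elevated prompt):
# netsh advfirewall firewall add rule name="Block 7777/tcp" dir=in action=block protocol=TCP localport=7777
```

A listener on port 7777 is not proof of infection by itself, since other programs can use that port; the last column of the netstat row is the process ID to look up.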

Is the Energizer DUO still on the market?

Energizer has discontinued the Duo, but you can still order it for about $20 through Amazon. However, the software that caused this whole mess is no longer available.

Can I get a refund?

Energizer has said nothing of the sort. Keep in mind that the product's main function of charging by USB or AC remains intact, but it never hurts to complain. Here's the Energizer contact page.

This story, "The Energizer DUO Trojan: What You Need to Know" was originally published by PCWorld.
