SANS ISC: Energizer Malware SANS ISC InfoSec Forums

Energizer Malware

We received several emails today about the US-CERT analysis of Trojan horse software found in an application designed for a battery recharger.  Our assessment is that due to the dates involved (2007 and 2008) this is likely related to the rash of malware we reported a couple of years ago that was found on digital photo frames, iPods, GPS devices, and other consumer products.  If any of our readers have any additional technical information or observations to share about this case, please use the comment feature below.

Marcus H. Sachs
Director, SANS Internet Storm Center

The install exe for this software is code-sign timestamped 31st July 2007. I noticed this open port (7777) after installing the software, but as it was part of a digitally signed archive, I didn't think it would be malware!

Verisign have still not revoked the code-signing certificate that this software is signed with and neither does my anti-virus detect the malicious dll.

I think this shows how even software from big companies which is digitally signed cannot always be trusted. Energizer should be taking serious action against their software supplier.
Anonymous
