Graham Cluley’s blog.
Trojan horse suspected of contributing to 2008 Madrid aircrash
Authorities investigating the 2008 Madrid air crash, which resulted in the deaths of 154 people, have discovered that a central computer system used to monitor technical problems in aircraft was infected with Trojan horses.
The final report from crash investigators is not due to be presented until December, and it’s very probable that there will be found to be other contributing factors to what was a horrific accident beyond the malware infection by Trojan horses.
However, next time someone tries to convince you that the people who write malware aren’t really doing anyone any serious harm – remember this case.
http://www.sophos.com/blogs/gc/g/2010/08/20/trojan-horse-suspected-contributing-2008-madrid-aircrash/
Energizer Press Release
Energizer Announces Duo Charger and USB Charger Software Problem
ST. LOUIS, March 5, 2010 /PRNewswire via COMTEX/ — Energizer has been informed by the CERT Coordination Center (CERT) that the Windows software that was referenced and made available via a download with its Duo Charger, Model CHUSB, contains a vulnerability. Energizer introduced the Duo Charger in the United States and the USB Charger in Latin America, Europe and Asia in 2007. Both products charge Nickel Metal Hydride batteries from both a wall outlet and a USB connection. The product included a feature that would allow the user to view the battery charging status on a computer if associated software was installed. The Duo Charger product documentation referenced www.energizer.com/usbcharger to download the software. The site offered downloadable software in both Windows and Apple(R) versions; however only the Windows version contained the vulnerability.
Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer. This will eliminate the vulnerability. In addition CERT and Energizer recommend that users remove a file that may remain after the software has been removed. The file name is Arucer.dll, which can be found in the Window system32 directory.
Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software. Additional technical information can be found at http://www.kb.cert.org/vuls/id/154421.
