Feeds

Energizer site still plagued by data-stealing trojan

Anybody home?

The Essential Guide to IT Transformation

The maker of Energizer brand batteries is continuing to serve its customers a file laced with a data-stealing trojan more than 24 hours after the company was notified of the threat and almost two weeks after it promised to fix the problem.

A spokeswoman for Energizer Holdings acknowledged receiving a voicemail Wednesday night informing her the trojan was being offered for download on one of the company's European websites. She said she didn't respond to the message because of the late hour at which it was left, and never saw an article reporting that two anti-virus firms had confirmed the site continued to offer the toxic file 12 days after the company promised to stamp it out.

"More than half the time I call a reporter back, the story's already run," she told The Register on Thursday afternoon. "I find it a little odd that someone would call someone at 9:30 at night. That is not within normal business hours."

When The Reg directed the spokeswoman to the precise page where the offending UsbCharger_setup_V1_1_1.exe file is being served, she said: "I can assure you it will be taken down immediately."

But at time of publication, more than nine hours later, the file was still available for download.

That means that 13 days after a contrite-sounding Energizer Holdings pledged to purge the trojan from its offerings, the company was continuing to distribute the file. And even after the oversight was communicated personally to a company representative and in a published report, the company still hadn't removed the file.

We're tempted to make yet another reference to the Energizer's long-running advertising slogan and note the irony. But we'll leave it at this: If anyone at Energizer Holdings really cares about customer safety, please clean up your website. Now.

We'll be sure to update this article if they do. ®

Update

Sometime on Friday morning California time, Energizer finally removed the trojan-laced file from the website. The company has yet to provide any findings resulting from an investigation it pledged to conduct into who was responsible and how the malware managed to slip in. Stay tuned.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.