Feeds

Energizer site still plagued by data-stealing trojan

Anybody home?

Remote control for virtualized desktops

The maker of Energizer brand batteries is continuing to serve its customers a file laced with a data-stealing trojan more than 24 hours after the company was notified of the threat and almost two weeks after it promised to fix the problem.

A spokeswoman for Energizer Holdings acknowledged receiving a voicemail Wednesday night informing her the trojan was being offered for download on one of the company's European websites. She said she didn't respond to the message because of the late hour at which it was left, and never saw an article reporting that two anti-virus firms had confirmed the site continued to offer the toxic file 12 days after the company promised to stamp it out.

"More than half the time I call a reporter back, the story's already run," she told The Register on Thursday afternoon. "I find it a little odd that someone would call someone at 9:30 at night. That is not within normal business hours."

When The Reg directed the spokeswoman to the precise page where the offending UsbCharger_setup_V1_1_1.exe file is being served, she said: "I can assure you it will be taken down immediately."

But at time of publication, more than nine hours later, the file was still available for download.

That means that 13 days after a contrite-sounding Energizer Holdings pledged to purge the trojan from its offerings, the company was continuing to distribute the file. And even after the oversight was communicated personally to a company representative and in a published report, the company still hadn't removed the file.

We're tempted to make yet another reference to the Energizer's long-running advertising slogan and note the irony. But we'll leave it at this: If anyone at Energizer Holdings really cares about customer safety, please clean up your website. Now.

We'll be sure to update this article if they do. ®

Update

Sometime on Friday morning California time, Energizer finally removed the trojan-laced file from the website. The company has yet to provide any findings resulting from an investigation it pledged to conduct into who was responsible and how the malware managed to slip in. Stay tuned.

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?