Feeds

Energizer site still plagued by data-stealing trojan

Anybody home?

Beginner's guide to SSL certificates

The maker of Energizer brand batteries is continuing to serve its customers a file laced with a data-stealing trojan more than 24 hours after the company was notified of the threat and almost two weeks after it promised to fix the problem.

A spokeswoman for Energizer Holdings acknowledged receiving a voicemail Wednesday night informing her the trojan was being offered for download on one of the company's European websites. She said she didn't respond to the message because of the late hour at which it was left, and never saw an article reporting that two anti-virus firms had confirmed the site continued to offer the toxic file 12 days after the company promised to stamp it out.

"More than half the time I call a reporter back, the story's already run," she told The Register on Thursday afternoon. "I find it a little odd that someone would call someone at 9:30 at night. That is not within normal business hours."

When The Reg directed the spokeswoman to the precise page where the offending UsbCharger_setup_V1_1_1.exe file is being served, she said: "I can assure you it will be taken down immediately."

But at time of publication, more than nine hours later, the file was still available for download.

That means that 13 days after a contrite-sounding Energizer Holdings pledged to purge the trojan from its offerings, the company was continuing to distribute the file. And even after the oversight was communicated personally to a company representative and in a published report, the company still hadn't removed the file.

We're tempted to make yet another reference to the Energizer's long-running advertising slogan and note the irony. But we'll leave it at this: If anyone at Energizer Holdings really cares about customer safety, please clean up your website. Now.

We'll be sure to update this article if they do. ®

Update

Sometime on Friday morning California time, Energizer finally removed the trojan-laced file from the website. The company has yet to provide any findings resulting from an investigation it pledged to conduct into who was responsible and how the malware managed to slip in. Stay tuned.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.