The Energizer Bunny seems to have been a naughty bunnie and has been spreading an infection around town. Energizer has announces that their Duo Charger and USB Charger Software has a problem and somehow has become infected with a trojan. The company is advising that users should uninstall the software and has pulled the download from their web site. It is currently unknown if Energizer will issue new software or when it will be updated.

In the following press release from Energizer it also stated:

Energizer has discontinued sale of this product and has removed the site to download the software. In addition, the company is directing consumers that downloaded the Windows version of the software to uninstall or otherwise remove the software from your computer. This will eliminate the vulnerability. In addition CERT and Energizer recommend that users remove a file that may remain after the software has been removed. The file name is Arucer.dll, which can be found in the Window system32 directory.

Energizer is currently working with both CERT and U.S. government officials to understand how the code was inserted in the software. Additional technical information can be found at http://www.kb.cert.org/vuls/id/154421.

It therefore highly recommended that if you have installed the software from Enerigizer that it be uninstalled. I would also recommend checking out the CERT site as well for additional information.

Comments welcome.

Energizer press release is here.