Dell has admitted that it sent out malware-laced replacement server motherboards to some of its customers.
Some replacement motherboards for the PowerEdge R310, R410, R510 and T410 servers were found during Dell testing to contain the Spybot worm within the flash storage, the hardware maker said on Wednesday. Dell said it is telephoning the customers affected, and it noted in a post to its community forum that less than one percent of the installed base of the four server models is at risk.
"This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain, and new shipping replacement stock does not contain the malware," Forrest Norrod, general manager of server platforms at Dell, said in a statement on Wednesday.
The Spybot worm, which surfaced in 2003 and comes in many variants, spreads using Microsoft Windows vulnerabilities. This means that servers running non-Windows operating systems cannot be infected, nor can systems with the iDRAC Express or iDRAC Enterprise management controllers installed, according to Dell. The company said that all "industry-standard" antivirus programs will be able to identify and stop the code from infecting systems.
In addition, the malware can activate only if customers run an update to the Unified Server Configurator or 32-bit Diagnostics, according to Dell.
"[We] believe that any impact to a customer's information security is unlikely. To date, we have received no customer reports related to data security," the company said in a post to its community forum.
On the forum, Dell initially said it had found the malware in the embedded server management firmware on the motherboards, but later changed this to say that the problem was actually in the flash storage.
The hardware maker is urging customers with questions to contact it at US_EEC_escalations@dell.com or to consult the community forum thread that highlights the issue.