
Zero Day

Ryan Naraine and Dancho Danchev

Dell ships motherboard with malicious code

By Ryan Naraine | July 21, 2010, 8:37am PDT

Summary: Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.


The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum.

A Dell representative confirmed the issue after a customer received a call warning about the infected motherboard.


As part of Dell’s quality process, we have identified a potential issue with our service mother board stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly.  The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware.  This malware code has been detected on the embedded server management firmware as you indicated.

We take matters of information security very seriously and believe that any impact to a customer’s information security is unlikely.  To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.

The company did not provide any additional details.

UPDATE: After the publication of this story, Dell emailed the following statement from Forrest Norrod, vice president and general manager of server platforms:

Dell is aware of the issue and is contacting affected customers. The issue affects a limited number of replacement motherboards in four servers (PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410) and only potentially manifests itself when a customer has a specific configuration and is not running current anti-virus software. This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware. Customers can find more information on Dell's community forum.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Comments (101)

Proactive acknowledgement is good. Now a follow-up with a firmware update is needed.
0 Votes
+ -
What does it do?
slylabs13 Updated - 21st Jul 2010
Um... anyone asking themselves the question, what's the damage? What does the malicious code do? Keylogger? Password cracker? License code stealer? Data deleter? Make your server a member of a peer to peer network run by the red Chinese to attack the pentagon just before a first strike? What???
0 Votes
+ -
@slylabs13 It sends all the information to an IRC channel and also opens up a port on the computer for others to piggyback from.

This is what they are infected with
http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99
0 Votes
+ -
RE: Dell ships motherboard with malicious code
erik.soderquist 21st Jul 2010
@slylabs13

this looks to be the information you are looking for, copied from Dell's community site, looks like posted by a Dell staffer, but can't confirm

--- begin copy/paste block ---
Here are further details regarding the instance of malware introduced on some service motherboards discussed on this forum that affects a very small set of customers. We are proactively contacting identified customers and are working with them to quickly resolve any potential exposure.

There are important pieces of information to note:

1. This issue does not affect any Dell PowerEdge servers shipped from our factories and is limited to a small number of the replacement motherboards only which were sent via Dell's service and replacement process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410. The maximum potential exposure is less than 1% of these server models.
2. Dell has removed all impacted motherboards from the service supply. New shipping replacement stock does not contain the malware.
3. The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
4. All industry-standard antivirus programs on the market today have the ability to identify and prevent the code from infecting the customer's operating system.
5. Systems running non-Microsoft Windows operating systems cannot be affected.
6. Systems with the iDRAC Express or iDRAC Enterprise card installed cannot be affected.
7. Remaining systems can only be exposed if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics.

Dell takes customer security and privacy very seriously. Although we are not aware of any reports of customer related issues, we are proactively working with customers to resolve any potential exposure.

Concerned customers can contact Dell technical support at: US_EEC_escalations@dell.com

We will continue to update this forum as new information becomes available or questions arise.
--- end copy/paste block ---
0 Votes
+ -
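The Dell bulletin quoted in the comment above gives a set of conditions under which a system is exposed (affected model, replacement board, Windows, no iDRAC, and a USC or 32-bit Diagnostics update having been run). As an added example, not Dell's code and not from the original post, the script below turns those conditions into an inventory triage so an administrator can see which hosts need follow-up; the record fields, hostnames and sample inventory are constructed for the example.

```python
# Added example, not Dell's code: triage a server inventory against the
# exposure conditions listed in the Dell bulletin. The record fields and the
# sample inventory are constructed for this example.
from dataclasses import dataclass

# Server models Dell named as having affected replacement boards.
AFFECTED_MODELS = {
    "PowerEdge R310", "PowerEdge R410", "PowerEdge R510", "PowerEdge T410",
}


@dataclass
class Server:
    hostname: str
    model: str
    replacement_board: bool        # board arrived via a service dispatch
    os_family: str                 # e.g. "windows", "linux"
    idrac_installed: bool          # iDRAC Express or Enterprise present
    ran_usc_or_diag_update: bool   # ran a USC or 32-bit Diagnostics update


def classify(server: Server) -> tuple:
    """Apply the bulletin's conditions in order; return (verdict, reason).

    Every condition that rules a system out is checked before the two that
    leave it exposed, so the reason names the first decisive fact.
    """
    if server.model not in AFFECTED_MODELS:
        return ("not_affected", "model not among the four listed")
    if not server.replacement_board:
        return ("not_affected", "factory-shipped board, not a service replacement")
    if server.os_family.lower() != "windows":
        return ("not_affected", "non-Windows operating system")
    if server.idrac_installed:
        return ("not_affected", "iDRAC Express/Enterprise installed")
    if server.ran_usc_or_diag_update:
        return ("investigate", "USC or 32-bit Diagnostics update run on an exposed system")
    return ("monitor", "exposed only if a USC or 32-bit Diagnostics update is run")


def triage(inventory) -> dict:
    """Map hostname -> (verdict, reason) for every server in the inventory."""
    return {s.hostname: classify(s) for s in inventory}


# Constructed sample inventory (hostnames and states are made up).
SAMPLE_INVENTORY = [
    Server("db01", "PowerEdge R410", True, "windows", False, True),
    Server("db02", "PowerEdge R410", True, "windows", False, False),
    Server("web01", "PowerEdge R410", True, "linux", False, True),
    Server("web02", "PowerEdge R510", True, "windows", True, True),
    Server("app01", "PowerEdge R710", True, "windows", False, True),
    Server("app02", "PowerEdge T410", False, "windows", False, True),
]

if __name__ == "__main__":
    for host, (verdict, reason) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:6} {verdict:13} {reason}")
```

Hosts that come back as "investigate" are the ones to scan with current antivirus and check for the IRC traffic the Symantec writeup describes; "monitor" hosts are safe until someone runs the named updates, so the operational fix is to hold those updates until the board is replaced.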
How
archangel9999 22nd Jul 2010
@slylabs13 What they're not addressing is HOW this happened and what they're doing to prevent it from happening again.
0 Votes
+ -
So somehow during manufacturing in China, an MCU was loaded with firmware outside the regular manufacturing processes whilst not being caught during the regular quality checks (if any) and loaded with malware & Dell doesn't think the customers' data security was compromised because no one has detected it yet?
Why else would you load such malware and considering it's done to the firmware, I hope it calls into question all of Dell's quality control processes and vendor choices.

Another reason why I won't ever use Dell again.
0 Votes
+ -
@Darkrobe
This doesn't put me off of Dell in particular, since all companies are out-sourcing to Eastern Europe, Russia, and Continental Asia. If they go there for lower costs (workers paid peanuts), the locals will find a way to increase their profits and malicious code will be ideal for the coders in those regions. To avoid problems: Stop outsourcing or pay them at the Western rates... which, of course, cancels the benefits of outsourcing.

Wiz76
0 Votes
+ -
RE: Dell ships motherboard with malicious code
MSFTWorshipper 21st Jul 2010
@Wiz76 Oh really? How come Apple has never had infected motherboard firmware? Nor HP. Let's face it, Dell is a cesspool of garbage.
0 Votes
+ -
@Wiz76 Because, as we all know, American workers are 100% honest and cannot be bought off.
0 Votes
+ -
@Wiz76 Apple does the same outsourcing, people. Do you think their computers cost more because they are an "american" company? nope. why do you think they are targeted in the whole foxconn issues?
0 Votes
+ -
never had that problem?

Not saying they or anyone else did, but then again a few other companies have sent out infected disks and the like with their computers.
0 Votes
+ -
RE: Dell ships motherboard with malicious code
ConstableOdo Updated - 21st Jul 2010
@Wiz76
Let's start a class-action suit. When is Michael Dell going to have the press conference to apologize shipping infected crap to customers? I want to see him stand up and beg forgiveness. Let's call it MaliciousCodegate. Where are all the Dell-hating bloggers trying to take Dell down. Oh, wait. Dell is already down in the toilet. Nothing to be gained like trying to tarnish Apple's reputation over nothing. Forget it. Nobody gives a damn about Dell products.
0 Votes
+ -
Not the first company to do this. Apple did something similar a few years back when they shipped a Windows virus with some iPods. Interestingly, in their comments they put some of the blame on Microsoft.

http://www.apple.com/support/windowsvirus/
0 Votes
+ -
Because, as we all know, American workers are 100% honest and cannot be bought off.

jpdemers@...

The chances somebody over here would be able to get away with that are pretty slim. The FBI would be all over them in an instant.
0 Votes
+ -
On the other hand...
SonofaSailor 21st Jul 2010
@Darkrobe

At least they are owning up it and fixing it. They could have waited for this to blow up, then said, "this affects all motherboards"

But because they admitted it and are fixing it, I'm sure they will be berated and chastised in the news and media.
0 Votes
+ -
@SonofaSailor

I think that they are `doing something about it` because they have decided not to have a repeat of the `faulty motherboard capacitor` issue. Like they really need another round of bad press?
0 Votes
+ -
@SonofaSailor
At least they are not telling the IT depts. to hold, uhm.. stack them the right way wink
0 Votes
+ -
this is actually for @jedikitty, ...nice one! : )
0 Votes
+ -
They are also offering a free $30 case for their servers to anyone that was affected.
0 Votes
+ -
@SonofaSailor I hear Dell is suggesting that perhaps the use of large rubber bumpers might take care of the problem happy
0 Votes
+ -
Atta boy!!!
SonofaSailor 23rd Jul 2010
http://www.theregister.co.uk/2010/07/23/dell_malware_update/

By God, if Apple can do it, so can Dell!
0 Votes
+ -
@SonofaSailor

Now, if we could only get at Microsoft like that. Oh, wait -- MS is known to be a black hole of security, they just have so much money they don't care, and the consumers/fanbois don't see it.
Granted, they are making feeble little attempts here and there. Windows 7 is much better than some in the past. But it still has so many backdoors and security issues, some of which MS has plainly stated that they refuse to address. Of course, some of these can't be removed without the government kicking MS in the butt.
0 Votes
+ -
@Darkrobe
I'm more concerned with what's happening in the Oval Office in Washington D.C. than with adware on a Dell motherboard.
0 Votes
+ -
@Alienwilly
Do you have anything relevant to say or are you just getting your nic/post in view for fun?
0 Votes
+ -
Well, it isn't IN the firmware...
flared0ne 21st Jul 2010
If I had to take a wild guess, I'd wonder if someone maybe shipped a "defective" board (with this malware in the onboard flash) back into the refurb system and THAT system didn't screen for and prevent this code from infiltrating their refurb systems. We're seeing such small numbers because their refurb systems didn't have ACCESS to the vast majority of NEW stock. Just a guess.
0 Votes
+ -
Since it appears to reveal a "loophole" for malware access -- simply return a "defective" device which is booby-trapped with the "flavor of the day" and see if virused devices start showing up. Seems just a bit obvious, though...
0 Votes
+ -
@flared0ne : And a pretty good guess at that: That's just about exactly what's being explained right now. It was in the Flash.
I really wish the world would just forget China even exists, cost benefit or not. IMO anything data related (PROM, Flashware, drives, etc.) shouldn't be done o'seas.
0 Votes
+ -
I believe the technical term for this process is 'oh cr@p!'.

Aren't we mature enough as an industry to ALWAYS have validation of integrity as the last step before we put stuff in a box for shipping? Let's hope they release the update quickly.
0 Votes
+ -
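The comment above asks for validation of integrity as the last step before a part ships, and the Dell bulletin earlier in the thread says the worm was found in the board's flash storage rather than in the firmware. As an added example, not Dell's process and not from the original post, the script below shows the check a refurbishment line could run: hash every file on the flash storage image and compare against a manifest of known-good SHA-256 values, reporting modified, missing and unexpected files. The file paths and contents are constructed for the example.

```python
# Added example, not Dell's process: verify the contents of a board's onboard
# flash storage against a manifest of known-good SHA-256 hashes before the
# part is released from refurbishment. Paths and contents are constructed.
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(golden: dict) -> dict:
    """path -> sha256 of the known-good image contents."""
    return {path: sha256_hex(data) for path, data in golden.items()}


def verify_against_manifest(actual: dict, manifest: dict) -> list:
    """Return findings as (kind, path); an empty list means the image is clean.

    Three things are checked: every manifest entry is present, every present
    entry hashes as expected, and nothing exists that the manifest does not
    list (an extra executable dropped onto the flash is exactly what a
    golden-image comparison catches even when no signature is known yet).
    """
    findings = []
    for path, expected in sorted(manifest.items()):
        if path not in actual:
            findings.append(("missing", path))
        elif sha256_hex(actual[path]) != expected:
            findings.append(("modified", path))
    for path in sorted(set(actual) - set(manifest)):
        findings.append(("unexpected", path))
    return findings


# Constructed known-good image: two hypothetical utility files.
GOLDEN_IMAGE = {
    "usc/loader.bin": b"\x7fELF hypothetical USC loader v1",
    "diag/diag32.exe": b"MZ hypothetical 32-bit diagnostics v1",
}
GOLDEN_MANIFEST = build_manifest(GOLDEN_IMAGE)

# Constructed image as read from a returned board: one file altered, one added.
RETURNED_IMAGE = {
    "usc/loader.bin": GOLDEN_IMAGE["usc/loader.bin"],
    "diag/diag32.exe": b"MZ hypothetical 32-bit diagnostics v1" + b"\x90" * 8,
    "diag/update.exe": b"MZ not in manifest",
}

if __name__ == "__main__":
    for kind, path in verify_against_manifest(RETURNED_IMAGE, GOLDEN_MANIFEST):
        print(f"{kind:10} {path}")
```

The manifest comparison is deliberately signature-free: it does not need to know what W32.Spybot looks like, only what the shipped image is supposed to contain, so a booby-trapped "defective" return of the kind speculated about above would be flagged on the unexpected-file rule before the board re-entered service stock.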
it's obviously a design flaw.
0 Votes
+ -
@frgough They could but they won't. They'll call up all these users and say, "Hey, is your system spilling out all your data to an IRC channel?"
0 Votes
+ -
@frgough LOL! Can you imagine the WinTard howling if Apple let this happen?
0 Votes
+ -
Apple makes rack servers?
deanders 21st Jul 2010
@jpdemers@...
0 Votes
+ -
RE: Dell ships motherboard with malicious code
Feldwebel Wolfenstool 21st Jul 2010
@jpdemers@... Not really. Believe it or not, I think folks care even LESS about Apple now, and its huckster BS management and wimpy, glitchy products. It's become tiresome, keeping track of all the recent failures/features....
0 Votes
+ -
@deadness

Yes they do, and very nice ones.

@feldwebel

Yeah. You care enough to make a stupid and ill-informed posting!!!

Name one failure with the apple rack servers!!!

And no apple has a very low failure and glitch rate.

The sales figures for apple now are amazing.

The number of windows users I know who have bought Apple phones and iPods is amazing.

I bet you are angry and need to make up stuff. Because those peep are discovering that the IT 'experts' have been lying to them and that the Apple products are great. Then they think how much nicer it would be if their desktop or laptop was as nice as their phone and they buy apple.

You are really, really upset aren't you.

Keep up the anti-apple BS. It has kept you going for years now.
0 Votes
+ -
Though I wonder if Dell will try to
John Zern 21st Jul 2010
blame it on the customer, as Apple attempted to do?
0 Votes
+ -
RE: Dell ships motherboard with malicious code
richardw66 Updated - 21st Jul 2010
@John Zern

No they didn't

Unlike nokia and RIM! Apple has not pretended that phones do not get affected by the user.

There is mounting proof of apple telling the truth and other phone manufacturers lying about this.
0 Votes
+ -
Amusing Advertising
Vinyukon 21st Jul 2010
I thought it was more than funny that the article was paid for with a splash screen ad from HP.
0 Votes
+ -
Foreign Enemies, and Intellectual Property Thieves, especially China, will continue their Cyber War against the United States, until we develop the political and economic will to stop them. Buy USA, Buy Local, "The Enemy Is Listening!"
0 Votes
+ -
@John Westra We're getting exactly what we paid for. It's the weak willed companies who see outsourcing of jobs and goods who stiff us in the end. Since everyone wants low prices no one buys USA made anymore since it costs more than the products manufactured by 4 year old Chinese kids in factories.
0 Votes
+ -
@Toque_3D Name some stuff made in America ???

@Toque_3D

You do realize your precious iPhone was assembled in China, right? Does that also make Apple a "weak willed company"? I guess so. Oops...
0 Votes
+ -
You probably could since you seem to be channelling quite well at the moment.

Try the reality network next time you post.
0 Votes
+ -
@John Westra ... But where? And how on a consistent basis? This week it's made in the USA, next week (maybe) in Mexico, and the week after that, in China. Until companies bring more manufacturing on shore, it's darn hard to do this. Also, even if it's made here, where were materials/components made?
0 Votes
+ -
RE: Dell ships motherboard with malicious code
MSFTWorshipper 21st Jul 2010
@John Westra Somehow Apple makes sure these shenanigans don't take place in the factories that make their products. Sure it costs more but Apple still rakes in the RECORD profits!
0 Votes
+ -
Sure they do. unfortunately
John Zern 21st Jul 2010
they spend so much time looking into infected chips, they forget to actually try and test the other parts, like the antenna, or the fans, the screens.... wink
0 Votes
+ -
@MSFTWorshipper Really? How about this?

http://www.time.com/time/world/article/0,8599,1991620,00.html

There are pages and pages of similar.
0 Votes
+ -
This is what it is

W32.Spybot worm

And this is what it does...

  • Releases Confidential Info: Sends personal data to an IRC channel.
  • Compromises Security Settings: Allows unauthorized commands to be executed on a compromised computer.

Sounds like a complete complication of security to me. I just hope Dell can fix its problems. Never been the same since they got rid of the "dude you're getting a dell" guy who got busted for drugs. *laughs* Dude, you're going to jail!

More on the worm that eats infected Dell systems:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99
0 Votes
+ -
This makes no sense.
ye 21st Jul 2010
@Toque_3D: W32.Spybot worm

This is Windows specific malware. Are you implying the firmware in question is actually Windows?