Dell ships motherboard with malicious code

Summary: Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.

The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum.

A Dell representative confirmed the issue after a customer received a call warning about the infected motherboard.

As part of Dell’s quality process, we have identified a potential issue with our service motherboard stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly. The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware as you indicated.

We take matters of information security very seriously and believe that any impact to a customer’s information security is unlikely.  To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.

The company did not provide any additional details.

UPDATE: After the publication of this story, Dell emailed the following statement from Forrest Norrod, vice president and general manager of server platforms:

Dell is aware of the issue and is contacting affected customers. The issue affects a limited number of replacement motherboards in four servers - PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 - and only potentially manifests itself when a customer has a specific configuration and is not running current anti-virus software. This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware. Customers can find more information on Dell’s community forum.

Talkback

92 comments
  • RE: Dell ships motherboard with malicious code

    Proactive acknowledgement is good. Now a follow-up with a firmware update is needed.
    maddoghall
  • What does it do?

    Um... anyone asking themselves the question, what's the damage? What does the malicious code do? Keylogger? Password cracker? License code stealer? Data deleter? Make your server a member of a peer to peer network run by the red Chinese to attack the pentagon just before a first strike? What???
    slylabs13
    • RE: Dell ships motherboard with malicious code

      @slylabs13 It sends all the information to an IRC channel and also opens up a port on the computer for others to piggyback from.

      This is what they are infected with
      http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99
      Toque_3D
    • RE: Dell ships motherboard with malicious code

      @slylabs13

      this looks to be the information you are looking for, copied from Dell's community site, looks like posted by a Dell staffer, but can't confirm

      --- begin copy/paste block ---
      Here are further details regarding the instance of malware introduced on some service motherboards discussed on this forum that affects a very small set of customers. We are proactively contacting identified customers and are working with them to quickly resolve any potential exposure.

      There are important pieces of information to note:

      1. This issue does not affect any Dell PowerEdge servers shipped from our factories and is limited to a small number of the replacement motherboards only which were sent via Dell's service and replacement process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410. The maximum potential exposure is less than 1% of these server models.
      2. Dell has removed all impacted motherboards from the service supply. New shipping replacement stock does not contain the malware.
      3. The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
      4. All industry-standard antivirus programs on the market today have the ability to identify and prevent the code from infecting the customer's operating system.
      5. Systems running non-Microsoft Windows operating systems cannot be affected.
      6. Systems with the iDRAC Express or iDRAC Enterprise card installed cannot be affected.
      7. Remaining systems can only be exposed if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics.

      Dell takes customer security and privacy very seriously. Although we are not aware of any reports of customer related issues, we are proactively working with customers to resolve any potential exposure.

      Concerned customers can contact Dell technical support at: US_EEC_escalations@dell.com

      We will continue to update this forum as new information becomes available or questions arise.
      --- end copy/paste block ---
      erik.soderquist
    • How

      @slylabs13 What they're not addressing is HOW this happened and what they're doing to prevent it from happening again.
      archangel9999
  • RE: Dell ships motherboard with malicious code

    So somehow during manufacturing in China, an MCU was loaded with firmware outside the regular manufacturing processes whilst not being caught during the regular quality checks (if any) and loaded with malware & Dell doesn't think the customers' data security was compromised because no one has detected it yet?
    Why else would you load such malware and considering it's done to the firmware, I hope it calls into question all of Dell's quality control processes and vendor choices.

    Another reason why I won't ever use Dell again.
    Darkrobe
    • RE: Dell ships motherboard with malicious code

      @Darkrobe
      This doesn't put me off of Dell in particular, since all companies are out-sourcing to Eastern Europe, Russia, and Continental Asia. If they go there for lower costs (workers paid peanuts), the locals will find a way to increase their profits and malicious code will be ideal for the coders in those regions. To avoid problems: Stop outsourcing or pay them at the Western rates... which, of course, cancels the benefits of outsourcing.

      Wiz76
      Wiz76
      • RE: Dell ships motherboard with malicious code

        @Wiz76 Oh really? How come Apple has never had infected motherboard firmware? Nor HP. Let's face it, Dell is a cesspool of garbage.
        MSFTWorshipper
      • RE: Dell ships motherboard with malicious code

        @Wiz76 Because, as we all know, American workers are 100% honest and cannot be bought off.
        jpdemers@...
      • RE: Dell ships motherboard with malicious code

        @Wiz76 Apple does the same outsourcing, people. Do you think their computers cost more because they are an "American" company? Nope. Why do you think they are targeted in the whole Foxconn issues?
        thatroom
      • MSFTWorshipper, How do you know that Apple

        never had that problem?

        Not saying they or anyone else did, but then again a few other companies have sent out infected disks and the like with their computers.
        John Zern
      • RE: Dell ships motherboard with malicious code

        @Wiz76
        Let's start a class-action suit. When is Michael Dell going to have the press conference to apologize shipping infected crap to customers? I want to see him stand up and beg forgiveness. Let's call it MaliciousCodegate. Where are all the Dell-hating bloggers trying to take Dell down. Oh, wait. Dell is already down in the toilet. Nothing to be gained like trying to tarnish Apple's reputation over nothing. Forget it. Nobody gives a damn about Dell products.
        ConstableOdo
      • RE: Dell ships motherboard with malicious code

        Not the first company to do this. Apple did something similar a few years back when they shipped a Windows virus with some iPods. Interestingly, in their comments they put some of the blame on Microsoft.

        http://www.apple.com/support/windowsvirus/
        bsurfer
      • RE: Dell ships motherboard with malicious code

        "Because, as we all know, American workers are 100% honest and cannot be bought off."

        jpdemers@...

        The chances somebody over here would be able to get away with that are pretty slim. The FBI would be all over them in an instant.
        ahh so
    • On the other hand...

      @Darkrobe

      At least they are owning up to it and fixing it. They could have waited for this to blow up, then said, "this affects all motherboards"

      But because they admitted it and are fixing it, I'm sure they will be berated and chastised in the news and media.
      SonofaSailor
      • RE: Dell ships motherboard with malicious code

        @SonofaSailor

        I think that they are `doing something about it` because they have decided not to have a repeat of the `faulty motherboard capacitor` issue. Like they really need another round of bad press?
        fatman65535
      • RE: Dell ships motherboard with malicious code

        @SonofaSailor
        At least they are not telling the IT depts. to hold, uhm.. stack them the right way ;)
        jedikitty@...
      • RE: Dell ships motherboard with malicious code

        this is actually for @jedikitty, ...nice one! : )
        ermercado@...
      • RE: Dell ships motherboard with malicious code

        They are also offering a free $30 case for their servers to anyone that was affected.
        Salonikios
      • RE: Dell ships motherboard with malicious code

        @SonofaSailor I hear Dell is suggesting that perhaps the use of large rubber bumpers might take care of the problem :-)
        archangel9999