Dell ships motherboard with malicious code
Summary: Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.
Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.
The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum.
A Dell representative confirmed the issue after a customer received a call warning about the infected motherboard.
As part of Dell’s quality process, we have identified a potential issue with our service mother board stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly. The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware. This malware code has been detected on the embedded server management firmware as you indicated.
We take matters of information security very seriously and believe that any impact to a customer’s information security is unlikely. To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.
The company did not provide any additional details.
UPDATE: After the publication of this story, Dell emailed the following statement from Forrest Norrod, vice president and general manager of server platforms.:
Dell is aware of the issue and is contacting affected customers. The issue affects a limited number of replacement motherboards in four servers - PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 – and only potentially manifests itself when a customer has a specific configuration and is not running current anti-virus software. This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware. Customers can find more information on Dell’s community forum.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
RE: Dell ships motherboard with malicious code
What does it do?
RE: Dell ships motherboard with malicious code
This is what they are infected with
http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99
RE: Dell ships motherboard with malicious code
this looks to be the information you are looking for, copied from Dell's community site, looks like posted by a Dell staffer, but can't confirm
--- begin copy/paste block ---
Here are further details regarding the instance of malware introduced on some service motherboards discussed on this forum that affects a very small set of customers. We are proactively contacting identified customers and are working with them to quickly resolve any potential exposure.
There are important pieces of information to note:
1. This issue does not affect any Dell PowerEdge servers shipped from our factories and is limited to a small number of the replacement motherboards only which were sent via Dell?s service and replacement process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410. The maximum potential exposure is less than 1% of these server models.
2. Dell has removed all impacted motherboards from the service supply. New shipping replacement stock does not contain the malware.
3. The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
4. All industry-standard antivirus programs on the market today have the ability to identify and prevent the code from infecting the customer?s operating system.
5. Systems running non-Microsoft Windows operating systems cannot be affected.
6. Systems with the iDRAC Express or iDRAC Enterprise card installed cannot be affected.
7. Remaining systems can only be exposed if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics.
Dell takes customer security and privacy very seriously. Although we are not aware of any reports of customer related issues, we are proactively working with customers to resolve any potential exposure.
Concerned customers can contact Dell technical support at: US_EEC_escalations@dell.com
We will continue to update this forum as new information becomes available or questions arise.
--- end copy/paste block ---
How
RE: Dell ships motherboard with malicious code
Why else would you load such malware and considering its done to the firmware, I hope it calls into question all of Dells quality control processes and vendor choices.
Another reason why I won't ever use Dell again.
RE: Dell ships motherboard with malicious code
This doesn't put me off of Dell in particular, since all companies are out-sourcing to Eastern Europe, Russia, and Continental Asia. If they go there for lower costs (workers paid peanuts), the locals will find a way to increase their profits and malicious code will be ideal for the coders in those regions. To avoid problems: Stop outsourcing or pay them at the Western rates... which, of course, cancels the benefits of outsourcing.
Wiz76
RE: Dell ships motherboard with malicious code
RE: Dell ships motherboard with malicious code
RE: Dell ships motherboard with malicious code
MSFTWorshipper, How do you know that Apple
Not saying they or anyone else did, but then again a few other companies have sent out infected disks and the like with their computers.
RE: Dell ships motherboard with malicious code
RE: Dell ships motherboard with malicious code
http://www.apple.com/support/windowsvirus/
RE: Dell ships motherboard with malicious code
On the other hand...
At least they are owning up it and fixing it. They could have waited for this to blow up, then said, "this affects all motherboards"
But because they admitted it and are fixing it, I'm sure they will beraded and chastised in the news and media.
RE: Dell ships motherboard with malicious code
I think that they are `doing something about it` because they have decided not to have a repeat of the `faulty motherboard capacitor` issue. Like they really need another round of bad press?
RE: Dell ships motherboard with malicious code
At least they are not telling the IT depts. to hold, uhm.. stack them the right way ;)
RE: Dell ships motherboard with malicious code
RE: Dell ships motherboard with malicious code
RE: Dell ships motherboard with malicious code