Dell Shipped Server Motherboards With Spyware

News
By Marcus Yam
published

Got a recently replaced Dell server motherboard? Time to run some scans.

Dell is warning its customers that it has shipped server motherboards that are infected with a spybot worm.

Specifically, the motherboards affected are the PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 – and fortunately, only the ones sent out for replacement, but not the ones fresh from factory systems.

The Register received the following response from Dell:

“Dell is aware of the issue and is contacting affected customers. The issue affects a limited number of replacement motherboards in four servers - PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 – and only potentially manifests itself when a customer has a specific configuration and is not running current anti-virus software.This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware.Customers can find more information on Dell’s community forum.” – Forrest Norrod, vice president and general manager of server platforms at Dell.

Marcus Yam
Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
41 Comments Comment from the forums
  • dan117
    FAIL
    Reply
  • back_by_demand
    Epic fail
    Reply
  • halls
    At least they admitted their mistake, and are making it right.
    Reply
  • jazz84
    I'd be curious as to how the spyware even made its way onto the boards to begin with. Sounds like Dell needs to take a closer look at their vendors...

    Then again, this is Dell we're talking about. "Meh, good enough" is practically their corporate policy.
    Reply
  • jazz84
    hallsAt least they admitted their mistake, and are making it right.
    I dunno, this may be too apologist for my taste. Not sure how this is an actual mistake; do they have a pile marked "good" and another marked "inexplicably loaded with malware" in their spares depots? As a couple folks have already pointed out, this simply has "FAIL" written all over it.
    Reply
  • warfart1
    What I want to know is how spyware is running off a motherboard. There is either a dedicated ROM chip for the bot to run off of, or there is an infected BIOS, in either case Dell HAD to know the boards were bad.
    Reply
  • jazz84
    warfart1What I want to know is how spyware is running off a motherboard. There is either a dedicated ROM chip for the bot to run off of, or there is an infected BIOS, in either case Dell HAD to know the boards were bad.
    THIS. Someone has to go out of their way to make something like this happen. For Dell to essentially respond to the issue with, "Whoopsiedaisy, we made a little boo-boo!" is a total side-step. They should be launching a full internal investigation to find the origin of the program(s) as well as how and where the boards were tampered with. Half-arsing it, however, is par for the course for Dell.

    Kinda makes me wonder whatever happened with the investigation into those counterfeit i7s, but that's a question for another thread...
    Reply
  • excalibur1814
    jazz84THIS. Someone has to go out of their way to make something like this happen. For Dell to essentially respond to the issue with, "Whoopsiedaisy, we made a little boo-boo!" is a total side-step. They should be launching a full internal investigation to find the origin of the program(s) as well as how and where the boards were tampered with. Half-arsing it, however, is par for the course for Dell.Kinda makes me wonder whatever happened with the investigation into those counterfeit i7s, but that's a question for another thread...
    Who has told you that they're not investigating this? Why should the results be public? Maybe they will be once they find something.


    Reply
  • sirmorluk
    Who is on the other end of the telemetry feed is what I want to know?
    Where are the boards being manufactured?
    My guess is (speculation only)they are being made in China and this is more than likey a case of international corporate espionage.
    Reply
  • j51
    hallsAt least they admitted their mistake, and are making it right.
    True.... but How long did it take for Dell to admitted this problem?
    Reply