Dell Ships Server Motherboards Infected with Worm *UPDATE*

by Reads (2,036)

by Jacqueline Emigh

*UPDATE* Originially, this article appeared on the site incomplete; the complete piece has since been reposted.

After accidentally shipping some malware-infected motherboards for PowerEdge PC servers, Dell has decided to add new steps to its product testing procedures.

According to an online posting by a Dell employee, the W32 Spybot worm was discovered in the flash memory of the affected motherboards in internal testing by Dell.

The bug had been introduced inadvertently during manufacturing.

“The issue does not affect any Dell PowerEdge servers shipped from our factories and is limited to a small number of the replacement motherboards only which were sent via Dell’s service and replacement process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510, and PowerEdge T410,” said Matt M, in a posting to Dell’s PowerEdge support forum.

The identified worm can only run on Windows systems, and it can be thwarted by “all industry-standard antivirus programs on the market today,” he wrote.

Dell has removed all of the impacted motherboards from its service supply, and replacement boards shipped since discovery of the worm do not contain the malware, according to the Dell staffer.

A Dell customer first kicked off the discussion thread on the forum when he wrote to say that he’d heard about the malware in a phone call from a Dell service scheduler.

“Unfortunately since the person calling was non-technical, she was unable to provide a lot of details. But I do believe the call to be legitimate as she had the service tag of one of my systems which did indeed receive a motherboard replacement recently,” according to the customer.

“Does Dell have an official article documenting this issue and laying out further details and the potential risks? Obviously it gives me grave concern [to] be informed of a vulnerability but not have all the technical details, especially when they asked to be able to schedule the service call to resolve the issue at least ten business days in the future.”

Dell’s Matt M replied that Dell had been “proactively contacting identified customers” and working with them to quickly resolve any potential exposure. “To date we have received no customer reports related to data security,” he contended.

A company spokesperson said later that Dell has now introduced new steps to its testing processes in response to the malware incident. “There was a sequence of human errors that led to the issue. That being said, we have identified and implemented 16 additional process steps to make sure this doesn’t happen again,” according to the spokesperson, Jim Hahn.



All content posted on TechnologyGuide is granted to TechnologyGuide with electronic publishing rights in perpetuity, as all content posted on this site becomes a part of the community.