Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Dell PowerEdge Motherboard Malware Clarification

Last week Dell notified customers that certain Dell PowerEdge Server replacement motherboards had been infected with malware. The W32.Spybot worm (originally discovered in 2003) was found in flash storage (NOT firmware) on the motherboard during Dell testing.

This issue does not affect systems as shipped from Dell and is limited to replacement motherboards in four servers – Dell PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410.

Last week Dell notified customers that certain Dell PowerEdge Server replacement motherboards had been infected with malware. The W32.Spybot worm (originally discovered in 2003) was found in flash storage (NOT firmware) on the motherboard during Dell testing.

This issue does not affect systems as shipped from Dell and is limited to replacement motherboards in four servers – Dell PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410.

While discovering malware embedded in servers shipped from major manufacturers is alarming, this incident in particular should have minimal impact.

According to a Dell representative in response to an inquiry from SecurityWeek, a very specific sequence of events would need to occur for customers to be affected:

• The systems would have to ship w/o an iDRAC Express or iDRAC Enterprise card, which is minority of Dell systems

• The customer would have to be running a non-patched version of Windows 2008 or an earlier version of the OS

• Not running current anti-virus software, which would flag the malware.

• The servers would have to run a specific series of commands.

Advertisement. Scroll to continue reading.

Dell quality control identified the problem and the company says it is not aware of any customers that have been compromised.

Dell has removed the impacted motherboards from its supply chain and the total universe of potentially affected customers is less than 1% of these server models. The virus infected the motherboards as a result of the software used to test them being infected due to human error.

Additional information and updates can be found at the Dell Support Forum.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.