Last week Dell notified customers that certain Dell PowerEdge Server replacement motherboards had been infected with malware. The W32.Spybot worm (originally discovered in 2003) was found in flash storage (NOT firmware) on the motherboard during Dell testing.
This issue does not affect systems as shipped from Dell and is limited to replacement motherboards in four servers – Dell PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410.
While discovering malware embedded in servers shipped from major manufacturers is alarming, this incident in particular should have minimal impact.
According to a Dell representative in response to an inquiry from SecurityWeek, a very specific sequence of events would need to occur for customers to be affected:
• The systems would have to ship w/o an iDRAC Express or iDRAC Enterprise card, which is minority of Dell systems
• The customer would have to be running a non-patched version of Windows 2008 or an earlier version of the OS
• Not running current anti-virus software, which would flag the malware.
• The servers would have to run a specific series of commands.
Dell quality control identified the problem and the company says it is not aware of any customers that have been compromised.
Dell has removed the impacted motherboards from its supply chain and the total universe of potentially affected customers is less than 1% of these server models. The virus infected the motherboards as a result of the software used to test them being infected due to human error.
Additional information and updates can be found at the Dell Support Forum.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- What if the Current AI Hype Is a Dead End?
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- Insider Q&A: Artificial Intelligence and Cybersecurity In Military Tech
