Dell Warns of Malware-Riddled Motherboards

Dennis Faas's picture

Dell has agreed to replace computer equipment that shipped with a data-stealing virus. The company is hoping to deal with the issue before any users suffer at the hands of criminals.

Unlike most hacking attempts, which rely on accessing a victim's machine through an Internet connection, this incident raised the question of whether malicious software was in fact being physically installed on machines at the factory.

The issue only involves replacement parts for servers, however. These replacement parts are for computers that are primarily used to host websites and, in business settings, to allow multiple users access to the same data without the need for separate computers.

Motherboard Firmware Infected

The parts involved are motherboards, the physical circuit boards that connect various components of a computer. The malicious software was in the memory containing the motherboard firmware, the software that tells a motherboard how to operate.

Dell has noted that the problem affects only around one per cent of the replacement motherboards shipped for four specific server models (the PowerEdge R310, R410, R510 and T410). The issue could cause security problems only if the server was configured in a particular way, is limited to set-ups running Windows Server 2008 or earlier, and would be mitigated or blocked completely by security software.

"Dell is aware of the issue and is contacting affected customers ... This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware. Customers can find more information on Dell's community forum," said Forrest Norrod, vice president and general manager of server platforms at Dell.

Spybot the Culprit

The company confirmed that the malicious software was W32.Spybot, a worm (or self-replicating virus) that sets up communications between its operators and infected machines. Most commonly the operators would then attempt to access confidential data.

Dell is still investigating how the virus got onto the motherboards, but at the moment it appears the relevant code was accidentally put onto the firmware memory storage during the manufacturing process. It doesn't appear to have affected the firmware itself and can only be triggered by a couple of specific actions.

The company is now phoning all affected customers to arrange a technician visit to replace the infected motherboard.

From a public relations perspective, it's probably better for Dell that this issue affected servers rather than desktop computers used by consumers. In reality, were this to have been a genuine hacking attempt, servers would be a more effective target for somebody wanting to spread the virus as quickly as possible.
