Dell Warns Of Spyware On PowerEdge Motherboards

Dell has been warning customers that it accidentally shipped replacement server motherboards that contained spyware.

The problem came to light in a post on Dell’s community forum, from a user who had been contacted by Dell to say that the replacement R410 motherboard he received several weeks ago contained spyware in its embedded systems management firmware. The Dell representative wanted to schedule an additional service call for a tech to come and clean it off.

“Unfortunately since the person calling was non-technical, she was unable to provide a lot of details. But I do believe the call to be legitimate as she had the service tag of one of my systems which did indeed receive a motherboard replacement recently,” said the user.

Replacement Motherboards

Dell responded to the user and confirmed that the service call was indeed legitimate.

“As part of Dell’s quality process, we have identified a potential issue with our service mother board stock, like the one you received for your PowerEdge R410, and are taking preventative action with our customers accordingly,” it said. “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware.  This malware code has been detected on the embedded server management firmware as you indicated.”

“We take matters of information security very seriously and believe that any impact to a customer’s information security is unlikely,” Dell added. “To date we have received no customer reports related to data security. Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.”

Dell said that had it was contacting affected customers directly about the issue.

“Dell is aware of the issue and is contacting affected customers,” said Forrest Norrod, vice president and general manager of server platforms at Dell in an emailed statement to eWEEK Europe UK. “The issue affects a limited number of replacement motherboards in four servers – PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 – and only potentially manifests itself when a customer has a specific configuration and is not running current anti-virus software.”

Spybot Worm

“This issue does not affect systems as shipped from our factory and is limited to replacement parts only,” said Norrod. “Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware.”

Spyware comes in various forms, including commercial software installed deliberately by employers wanting to monitor staff (as in this iPad software), and malicious code designed to extract private information. It is thought that the spyware that is infecting the motherboards is the Spybot worm, which spreads using Microsoft Windows vulnerabilities. This means that servers running a non-Microsoft operating system should be safe.

Dell did not say how the motherboards came to be infected in the first place, but it seems that the malware was located in the embedded server management firmware on the motherboards, although latter reports indicated that the problem was actually in the flash storage.

Worried customers are advised to consult the community forum thread located here.

Dell is currently fighting allegations that company representatives several years ago knowingly sold faulty PCs and then tried to cover up the issue when it was raised by customers. Recently unsealed court documents alleged that the manufacturer knowingly sold nearly 12 million defective computers between 2003 and 2005. The OptiPlex PCs in question reportedly had a failure rate of 97 percent over a three-year period, due to faulty capacitors manufactured by Japanese supplier Nichicon.