Dell Accidentally Sent out Malware-Riddled Motherboards

July 21, 2010 By Nick Mokey

A hiccup at Dell’s service parts department saw a number of motherboards with malware-infected firmware go out the door to customers.

Like patients who enter the hospital for a simple tonsillectomy and end up leaving with pneumonia, it seems like customers seeking help from Dell’s service parts department may have made things worse for themselves, while trying to make things better. The company admits it may have sent out a number of motherboards with malware lurking within their firmware.

According to Dell itself, the infection affects only a “small number” of motherboards, which were sent out through service dispatches. The malware in question has shown up on the embedded server management firmware on the PowerEdge motherboards.

“To date we have received no customer reports related to data security,” a Dell representative said on the company’s own support forums. “Systems running non-Windows operating systems are not vulnerable to this malware and this issue is not present on motherboards shipped new with PowerEdge systems.”

Since all the boards were sent out through service dispatches, Dell apparently has a list of customer e-mails and will be contacting owners of potentially infected boards directly. Since the issue has been limited to the company’s enterprise-level PowerEdge servers, consumers have nothing to worry about.

Showing 11 comments

rich at 8:22am 24th July 2010 If Linux is pretty much immune to software malware, does it mean that it's immune to hardware malware too?
1. ioman at 9:44am 24th July 2010 Apple was immune to Malware too at one point. Then people started actually using their OS and..... Linux is immune because no one actually cares to hack it and steal the whole two users information.
  1. TDeemer at 9:55am 26th July 2010 That's a ridiculous assertion. If Linux is indeed "not worth hacking", then things like the New York Stock Exchange must not be desirable targets for the Cracker Elite. And outside the US, Linux has a significantly greater mind share, installation base, and official agency usage. Know your facts before making claims.
Guest at 7:51am 24th July 2010 ya and if linux ends up with problems all the joe sixpack users will be the first ones to be kicked out
Jazzy_Jeff at 10:28am 23rd July 2010 I am so glad I switched to Linux.
Laughing at 9:36am 23rd July 2010 *ROFLMAO* Not only does Dell get slapped with Fraud charges to the tune of $1M, but now this! Hey Dude, guess you're NOT getting a Dell!
juan at 4:40am 23rd July 2010 Did he died?
Jim at 6:08am 22nd July 2010 This isn't a new thing for Dell now is it? At least people can rely on their *brilliant* customer service :)
daanbrg at 5:24am 22nd July 2010 Sure, consumers have nothing to worry about. Unless they're working at a company with one of those servers :P
ioman at 11:14am 21st July 2010 Why would someone intentionally put Malware into a motherboard? That is the most ridiculous thing I have heard of.
1. Frank Earl at 10:06am 23rd July 2010 Because it's not really firmware- it's a bootable Windows installation that contains their baseline server management and diagnostic system software. Previous iterations of this software were using Red Hat Linux- apparently, at least some of them ended up using Windows instead. Now, apparently, there was at least one contaminated machine in their production setup, which means the "firmware" was contaminated out of box completely by accident. It's a liability to use Windows in stuff like this. No good way to vet it- and worse, it's available to be contaminated like the system itself with it's own malware woes and the moment you try to diagnose a problem or make a config change- zap, you're infected again.