PowerEdge R410 Motherboards Ship with malware/trojan in Firmware

Tino Schwarze linux-poweredge.lists at tisc.de
Wed Jul 21 13:13:33 CDT 2010


Hi,

On Wed, Jul 21, 2010 at 01:01:51PM -0500, Sabuj Pattanayek wrote:
> I've heard from comments on /. and elsewhere that only replacement
> boards were infected and that Dell has contacted users who received
> these boards. I've got a new unopened R410 with the iDrac Express
> still sitting in the box, so it's probably safe, but I'd feel better
> if there was some utility that could be run to check for the infected
> image and then flash it with the clean image of the embedded OS.
> 
> Sabuj Pattanayek
> 
> On Wed, Jul 21, 2010 at 11:30 AM, Brian A. Seklecki
> <lavalamp at spiritual-machines.org> wrote:
> >
> > Oh man:
> >
> > http://www.newscientist.com/blogs/shortsharpscience/2010/07/pc-giant-warns-of-hardware-tro.html
> >
> > http://en.community.dell.com/support-forums/servers/f/956/t/19339458.aspx

Citing this URL:

1. This issue does not affect any Dell PowerEdge servers shipped
from our factories and is limited to a small number of the replacement
motherboards only which were sent via Dell’s service and replacement
process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510
and PowerEdge T410. The maximum potential exposure is less than 1% of
these server models.
2. Dell has removed all impacted motherboards from the service
supply. New shipping replacement stock does not contain the malware.
3. The W32.Spybot worm was discovered in flash storage on the
motherboard during Dell testing. The malware does not reside in the
firmware.
4. All industry-standard antivirus programs on the market today
have the ability to identify and prevent the code from infecting the
customer’s operating system.
5. Systems running non-Microsoft Windows operating systems cannot
be affected.
6. Systems with the iDRAC Express or iDRAC Enterprise card
installed cannot be affected.
7. Remaining systems can only be exposed if the customer chooses
to run an update to either Unified Server Configurator (USC) or 32-bit
Diagnostics.

HTH,

Tino, (not affiliated with Dell!)

-- 
"What we nourish flourishes." - "Was wir nähren erblüht."

www.tisc.de


