SANS ISC: Dell PowerEdge R410 replacement motherboard firmware contains malware SANS ISC InfoSec Forums


A Dell support forum post confirms that PowerEdge R410 replacement motherboards contain malware. The posting is here: en.community.dell.com/support-forums/servers/f/956/t/19339458.aspx. The embedded server management firmware in some motherboards contains the malicious code. The issue is not present on new servers and does not impact non-Windows-based servers. No further information on the malware itself, mitigation techniques, the specific motherboards affected, or the method of the original infection is yet available. Dell is sending snail mail and calling affected customers. Thanks Geoff and one other reader for bringing this to our attention!

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

FYI...
- http://www.theinquirer.net/inquirer/news/1724179/dell-shipped-motherboards-malware
Jul 22 2010 - "... Systems with the IDRAC Express or IDRAC Enterprise card installed cannot be affected and the only way that anyone can be exposed is if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics."
Anonymous