
SANS ISC: Dell PowerEdge R410 replacement motherboard firmware contains malware - SANS Internet Storm Center


A Dell support forum post confirms that PowerEdge R410 replacement motherboards contain malware. The posting is here. The embedded server management firmware in some motherboards contains the malicious code. The issue is not present on new servers and does not impact non-Windows based servers. No further information is yet available on the malware itself, mitigation techniques, the specific motherboards affected, or the method of the original infection. Dell is sending snail mail and calling affected customers. Thanks to Geoff and one other reader for bringing this to our attention!

Adrien de Beaupré Inc.

Jul 21st 2010
Jul 22 2010 - "... Systems with the IDRAC Express or IDRAC Enterprise card installed cannot be affected and the only way that anyone can be exposed is if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics."
