Malware Knows No Bounds

July 21, 2010

Some Dell PowerEdge R410 customers had a little extra in the box. Luckily the malware was removed quickly but it is a warning that even the best need to be vigilant.

William G. Wong

1 of Enlarge image

Dell PoweEdge R410 1U server

A few Dell PowerEdge R410 customers got slipped a mickey in the form of malware. Luckily customers were notified quickly but it is a warning that even the best need to be vigilant. Identifying the problem quickly prevented this from escalating into something on the order of the Energizer USB Battery incident. A thread was started on the Dell support website but, as noted in the thread, customers were contacted directly.

The malware some how found its way into the management firmware. An update essentially eliminated the problem. The details of the malware were not exposed and there is no indication that it caused any major problems. The problem only affected Windows-based machines that were updated with some service stock motherboards. New machines were not affect.

The problem again highlights the importance of vigilance, good reporting, and prompt reponse to software issues such as this regardless of the nature of the deployed platform. The PowerEdge R410 is effectively an embedded system. Embedded systems rarely have the direct interaction with a user as a laptop or mobile device so detecting a problem can be next to impossible for most users. Likewise, correcting this type of problem is not always an easy fix since the device may not have remote update capability.

This kind of problem hightlights two issues embedded developers need to keep in mind. First, problems like these need to be considered when creating the development, testing, deployment and upgrade policies for a company. Second, remote or in field updates to address this kind of problem should be considered when designing a system. On the other hand, update facilities need to be designed carefully so they are not also an attack vector for other kinds of viruses and worms. These days it is rare that USB or network connectivity is not part of a product design.

The Dell server was an easy target and the malware was probably not specific to the R410. Still, embedded systems are utilizing standard operating systems like Windows CE and Linux so generic malware, virueses and worms are now more likely able to operate on embedded devices. Knowing the problem can exist is a start. Putting the proper policies in place to prevent and address the problem is the next step. Finally, actual hardware and software design needs to take the issue into account otherwise a product might easily turn from a cash cow into legal liability.

Dell

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form.

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below.

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence.