Dell to replace server parts infected with virus

Published 23 July 2010

Dell says W32.Spybot worm was found in replacement motherboards, and that it will replace infected parts with clean motherboards; the company says it is unaware of any attacks as result of infections

Dell's PowerEdge R510 motherboard, one of the company's motherboard models infected with the W32.Spybot worm // Source:

Dell has issued a clarification regarding the source and scope of the infected hardware which found its way into the computers it produces. The company says that “there are important pieces of information to note”:

  • This issue does not affect any Dell PowerEdge servers shipped from our factories and is limited to a small number of the replacement motherboards only which were sent via Dell’s service and replacement process for four servers: PowerEdge R310, PowerEdge R410, PowerEdge R510, and PowerEdge T410. The maximum potential exposure is less than 1% of these server models.
  • Dell has removed all impacted motherboards from the service supply. New shipping replacement stock does not contain the malware.

  • The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
  • All industry-standard antivirus programs on the market today have the ability to identify and prevent the code from infecting the customer’s operating system.
  • Systems running non-Microsoft Windows operating systems cannot be affected.
  • Systems with the iDRAC Express or iDRAC Enterprise card installed cannot be affected.
  • Remaining systems can only be exposed if the customer chooses to run an update to either Unified Server Configurator (USC) or 32-bit Diagnostics.

Reuters reports that Dell is giving customers replacement parts for servers that were infected with a computer virus designed to steal private data.


The company said it was not aware of any attacks as a result of the rare incident, and that it was replacing the tainted parts as quickly as possible. “We’re going after it very aggressively to make sure that nobody runs into a potential problem,” said Forrest Norrod, vice president and general manager of server platforms for Dell.

He said that the W32.Spybot worm, infected motherboards that were replacement parts and not shipped with new machines. The virus got onto the motherboards after software used to test them was infected due to human error, Norrod said.

Reuters notes that the incident underscores the growing threat posed by hackers. While experienced computer users are wary of files that they take off the Internet, few think of their computer hardware as vulnerable.

Dell said on its website that the issue affects less than 1 percent of four of its server models, and said customers would be safe from attack if they were running up-do-date anti-virus software.

W32.Spybot, discovered in 2003, is designed to establish communications with remote handlers who instruct it to perform a variety of tasks, said Dean Turner, a research director at computer security software maker Symantec Corp. “It can do a lot of things based on the directions it receives, but it is primarily designed to steal confidential information,” he said.