A PowerEdge R410 replacement motherboard was shipped to a customer with malware already on it. The PowerEdge General HW Forum now informs him that it is nothing to worry about for seven reasons, which include the following:
The maximum potential exposure is less than 1% of these server models. […] Dell has removed all impacted motherboards from the service supply. New shipping replacement stock does not contain the malware. […] The W32.Spybot worm was discovered in flash storage on the motherboard during Dell testing. The malware does not reside in the firmware.
I like the “nothing to see, move along” tone but here is my personal favorite:
Systems running non-Microsoft Windows operating systems cannot be affected
Cannot be affected? That sounds very promising.
Dell says the customers that received infected motherboards are being contacted by phone. That must make them sleep better at night, given that it was phone calls from Dell that started this whole worry thread:
I just got a telephone call from a service scheduler informing me that the replacement R410 motherboard I received several weeks ago contains spyware in its embedded systems management firmware, and wanting to schedule an additional service call for a tech to come clean it off.
Unfortunately since the person calling was non-technical, she was unable to provide a lot of details. But I do believe the call to be legitimate as she had the service tag of one of my systems which did indeed receive a motherboard replacement recently.
Does Dell have an official article documenting this issue and laying out further details and the potential risks? Obviously it causes me grave concern be informed of a vulnerability but not have all of the technical details, especially when they asked to be able to schedule the service call to resolve the issue at least ten business days in the future.