Dell web address grabbed by a third party for a month

The address 'could have spread malware' to unsuspecting Dell customers

A web address used by Dell to help customers restore their data was taken over by a third party for a month last summer.

Security expert Brian Krebs learnt the site may have been hijacked for a month between mid-June and mid-July.

The backup and recovery program installed on Dell computers periodically checks a web address called DellBackupandRecoveryCloudStorage.com. A software backup and imaging company called SoftThinks, one of Dell's partners, previously had control of this address but it appears it forgot to renew the domain in mid-June.

Krebs wrote: "From early June to early July 2017 DellBackupandRecoveryCloudStorage.com was the property of Dmitrii Vassilev of  "TeamInternet.com," a company listed in Germany that specializes in selling what appears to be typosquatting traffic. Team Internet also appears to be tied to a domain monetization business called ParkingCrew."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

He added: "It could be that Team Internet did nothing untoward with the domain name, and that it just resold it or leased it to someone who did. But approximately two weeks after Dell's contractor lost control over the domain, the server it was hosted on started showing up in malware alerts."

This is according to Celedonio Albarran, who is vice president of IT infrastructure at Equity Residential. He reported that several of  his computers reached out to the web address but were prevented from making a connection, Krebs reported, because "the Internet address tied to the domain was new and because that address had been flagged by two security firms as pushing malicious software".

Albarran told KrebsOnSecurity that he found no evidence of any malware installed on his devices as a result of the traffic. However, he did say his systems were blocked from visiting the domains on 28 June 2017.

Krebs also pointed out that AlienVault's Open Threat Exchange lists the internet address that was assigned to the web address in June as an Amazon server which is "actively malicious", even today.

A spokesperson for Dell told IT Pro: "A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application, www.dellbackupandrecoverycloudstorage.com, expired earlier in 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed.

"We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/data-protection/354492/currys-pc-world-parent-firm-hit-with-ps500k-fine-over
data protection

Currys PC World parent firm hit with £500k fine over historic data breach

9 Jan 2020
Visit/security/ransomware/354483/travelex-disruption-caused-by-devastating-ransomware-attack
ransomware

Travelex disruption caused by devastating ransomware attack

8 Jan 2020