Wednesday, 18 July 2018

Dell URL hijacked after firm failed to renew

A URL USED by Dell in a Backup and Recovery Service installed on all its PCs was ‘lost’ for a month this summer after the PC maker failed to renew it.

The DellBackupandRecoveryCloudStorage.com domain name is used on virtually all Dell computers to service its Dell Backup and Recovery Application. The service is intended to help users restore their PCs to their factory state, if they have some kind of issue with their PC, as well as to restore their data.

As such, if the domain name were to fall into the wrong hands it could be used to surreptitiously implant malware on unsuspecting users’ PCs.

However, according to security researcher Brian Krebs, the URL went missing for a month this summer when it was transferred from the ownership of backup and imaging software company SoftThinks, which runs the service on Dell’s behalf.

“From early June to early July 2017, DellBackupandRecoveryCloudStorage.com was the property of Dmitrii Vassilev of ‘TeamInternet.com’, a company listed in Germany that specializes in selling what appears to be typosquatting traffic. Team Internet also appears to be tied to a domain monetization business called ParkingCrew,” explained Krebs.

He adds that “approximately two weeks after Dell’s contractor lost control over the domain, the server it was hosted on started showing up in malware alerts” in tools from vendors that include Rapid7 and Carbon Black, one of which connected the domain to the propagation of ransomware.

However, Krebs’ contacts say that they didn’t see any attempt to infiltrate PCs with any form of malware, and a Dell spokesperson told Krebs that it had discontinued the Dell Backup and Recovery application in 2016.

The company claimed: “A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application, www.dellbackupandrecoverycloudstorage.com, expired on June 1, 2017 and was subsequently purchased by a third party.

“The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed. Dell discontinued the Dell Backup and Recovery application in 2016.”

For Krebs, though, this may tie in with ongoing Dell customer support scams, with the scammers able to reel off users’ unique Dell service tags as proof of their bona fides.

“How can scammers have all this data if Dell’s service and support system isn’t compromised… Dell continues to be silent on what may be going on with the service tag scams,” wrote Krebs.  µ
