Dell forgot to renew PC data recovery domain, so a squatter bought it

Days later it served malware, but the only visible damage was to Dell's reputation

By Simon Sharwood, APAC Editor

Posted in Security, 26th October 2017 05:04 GMT

Dell forgot to re-register a domain name used by many of the PCs it has sold to do fresh installs of their operating systems. The omission was spotted by a third party who stands accused of using it to spread malware.

The domain in question is www.dellbackupandrecoverycloudstorage.com, which offers anodyne information about Dell's data protection products. The site is also used by an app called the “Dell Backup and Recovery Application”, a program bundled with Dell PCs that the company bills as “a safe, simple, and reliable backup and recovery solution that can protect your system (OS, applications, drivers, settings) and data (music, photos, videos, documents, and other important files) from data loss.”

The program also helps Dell PC owners who want to do a factory reset.

Krebs On Security reports that the domain is administered by a third party, which forgot to re-register it in June 2017.

Enter an alleged typosquatter, who acquired the domain. Not long afterwards, Krebs alleges the domain redirected to sites hosting malware.

Dell confirmed to The Register that it lost control of the domain, in the following statement:

A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application, www.dellbackupandrecoverycloudstorage.com, expired on June 1, 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed.

We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device.

Krebs makes no allegation that malware-slingers attempted to have Dell's application download something nasty, so Dell is probably in the clear. Albeit with plenty of egg on its face. ®
