Dell forgot to renew PC data recovery domain, so a squatter bought it

Days later it served malware, but the only visible damage was to Dell's reputation

By Simon Sharwood


Dell forgot to re-register a domain name that many PCs it has sold use to do fresh installs of their operating systems. The act of omission was spotted by a third-party who stands accused of using it to spread malware.

The domain in question is, which offers anodyne information about Dell's data protection products. The site is also used by an app called the “Dell Backup and Recovery Application”, a program bundled with Dell PCs and which the company bills as “a safe, simple, and reliable backup and recovery solution that can protect your system (OS, applications, drivers, settings) and data (music, photos, videos, documents, and other important files) from data loss.”

The program also helps Dell PC owners who want to do a factory reset.

Krebs On Security reports that the domain is administered by a third party, which forgot to re-register it in June 2017.

Enter an alleged typosquatter, who acquired the domain. Not long afterwards, Krebs alleges the domain redirected to sites hosting malware.

Dell confirmed it lost control of the domain to The Register, in the following statement:

A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application,, expired on June 1, 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed.

We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device.

Krebs makes no allegation that malware-slingers attempted to have Dell's application download something nasty, so Dell is probably in the clear. Albeit with plenty of egg on its face. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

WTH is my domain? OpenSRS and Hover down and out

Updated Network failure forces punters' websites offline

Automated Weather Source didn't see this cloud coming: Amazon snatches up

Uh, we'll be having that domain

Mozilla accuses FCC of abdicating its role, ignoring comments in net neutrality lawsuit

Legal battle #433 over Pai's push to kill off rules

FCC sets a record breaking $120m fine for rude robocalls

Florida Man gets one hell of a phone bill for nuisance calls

Dot-Amazon spat latest: Brazil tells ICANN to go fsck itself, only 'govts control the internet'

Analysis Battle to block Bezos from gTLD slams into big biz

Amazon may still get .amazon despite govt opposition – thanks to a classic ICANN cockup

Special report DNS king breaks own bylaws yet again

One year late, US senators act on fake net neutrality comments that drowned the FCC

It's not a real problem until a Congressman is affected

Denial of denial-of-service served: There was NO DDoS on FCC net neutrality comments

Probe confirms: No attack, just an incredibly unpopular policy brought down feedback site

DNS ad-hocracy in peril as ICANN advisors mull root server shakeup

Plan could reduce the number of central server operators

Internet overseer ICANN loses a THIRD time in Whois GDPR legal war

US org told by German court its delusional claims in privacy rules battle are not credible