Dell forgot to re-register a domain name that many of the PCs it has sold use to do fresh installs of their operating systems. The act of omission was spotted by a third party who stands accused of using it to spread malware.
The domain in question is www.dellbackupandrecoverycloudstorage.com, which offers anodyne information about Dell's data protection products. The site is also used by an app called the “Dell Backup and Recovery Application”, a program that is bundled with Dell PCs and that the company bills as “a safe, simple, and reliable backup and recovery solution that can protect your system (OS, applications, drivers, settings) and data (music, photos, videos, documents, and other important files) from data loss.”
The program also helps Dell PC owners who want to do a factory reset.
Krebs On Security reports that the domain is administered by a third party, which forgot to re-register it in June 2017.
Enter an alleged typosquatter, who acquired the domain. Not long afterwards, Krebs alleges the domain redirected to sites hosting malware.
Dell confirmed to The Register that it lost control of the domain, in the following statement:
A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application, www.dellbackupandrecoverycloudstorage.com, expired on June 1, 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed.
We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device.
Krebs makes no allegation that malware-slingers attempted to have Dell's application download something nasty, so Dell is probably in the clear. Albeit with plenty of egg on its face. ®