Krebs reported that Dell lost control of the dellbackupandrecoverycloudstorage domain in June 2017

The popular investigator Brian Krebs reported that the tech giant Dell lost control of the dellbackupandrecoverycloudstorage domain in June 2017.

It is really embarrassing: Dell forgot to renew the domain name www.dellbackupandrecoverycloudstorage.com, which the tech giant used to install operating systems on the PCs it has sold. The incident was discovered by a third-party entity that blamed the vendor for spreading malware through the domain.

According to the popular investigator Brian Krebs, who first reported the news, the domain is administered by a third party, which didn’t renew the domain in June 2017.

“It’s not yet clear how or why DellBackupandRecoveryCloudStorage.com got away from SoftThinks.com — an Austin, Tex.-based software backup and imaging solutions provider that originally registered the domain back in mid-2013 and has controlled it for most of the time since. But someone at SoftThinks apparently forgot to renew the domain in mid-June 2017,” states Brian Krebs.

The www.dellbackupandrecoverycloudstorage.com domain provides information about Dell’s data protection products and is used as a back-end for an app called the “Dell Backup and Recovery Application” that is a solution bundled with Dell PCs. Dell defines the app as “a safe, simple, and reliable backup and recovery solution that can protect your system (OS, applications, drivers, settings) and data (music, photos, videos, documents, and other important files) from data loss.”

The Dell Backup and Recovery Application is also used by Dell to allow PC owners to do a factory reset of their machines.

Krebs alleges the domain redirected to websites hosting malware. According to AlienVault’s Open Threat Exchange, the Internet address that was assigned to DellBackupandRecoveryCloudStorage.com in late June is an Amazon server which is “actively malicious.”

“Reached for comment about the domain snafu, Dell spokesperson Ellen Murphy shared the following statement:

“A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application, www.dellbackupandrecoverycloudstorage.com, expired on June 1, 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed. Dell discontinued the Dell Backup and Recovery application in 2016.””

Krebs warned of scammers that are contacting Dell customers pretending to be Dell tech support specialists. The scammers employ social engineering techniques to make their scams more convincing by reading off the unique Dell “service tag” code printed on each Dell customer’s PC or laptop.

“How can scammers have all this data if Dell’s service and support system isn’t compromised, many Dell customers have asked? And still ask: I’ve had three readers quiz me about these Dell service tag scams in the past week alone. Dell continues to be silent on what may be going on with the service tag scams, and has urged Dell customers targeted by such scams to report them to the company.” concluded Krebs.

This is not the first time registration-related incidents have caused problems for organizations. Earlier this month, a service on the Equifax website set up for obtaining free and discounted credit reports had been redirecting users to websites offering a fake Flash Player installer.

Pierluigi Paganini

(Security Affairs – dellbackupandrecoverycloudstorage, malware)
