Once upon a time, there was a Dell domain called (deep breath…) DellBackupandRecoveryCloudStorage.com.
(Loooooooooong name, isn’t it? Kind of asking for trouble a la Equifax and that silly domain name it came up with post-mega-breach, wouldn’t you say? But that’s another story.)
Its purpose is to serve as an information repository for Dell’s data protection products. Its other job is to be a home base for Dell’s Backup and Recovery application, which “enables the user to backup and restore their data with just a few clicks.”
As Dell customer liaison Jesse L described it on a Dell support forum, the basic version of that program is installed by default on Dell PCs:
The Basic version comes pre-installed on all systems and allows the user to create the system recovery media and take a backup of the factory installed applications and drivers. It also helps the user to restore the computer to the factory image in case of an OS issue.
In other words, if you have a problem on your system – say, all of your files have been wiped or encrypted by malware – you can use Backup and Recovery to restore it to a pristine state.
As you can see, this all means that whoever controls that mouthful of a domain name could exercise an awful lot of power over the data on Dell customers’ systems.
Fine, if that somebody is Dell, but what if it’s not?
What if the somebody who controlled the domain wasn’t offering an if-all-else-fails route back to a malware-free system but was actually looking to spread malware?
Unfortunately, that may be exactly what happened for about a month this year, from early June to early July 2017.
On Tuesday, security reporter Brian Krebs published a tale of how during that time, the domain slipped out of the hands of a Dell partner – SoftThinks.com, a software backup and imaging solutions provider in Texas.
From early June to early July 2017, DellBackupandRecoveryCloudStorage.com was the property of Dmitrii Vassilev of “TeamInternet.com,” a company listed in Germany that specializes in selling what appears to be typosquatting traffic. Team Internet also appears to be tied to a domain monetization business called ParkingCrew.
A typosquatter registers misspelled domain names (think goggle) in the hope of fooling users who mistype them. Type in a domain like that and you might find it hosting ads for scam products, or worse, it might be inhabited by a website designed for phishing or hosting malware.
Regardless of whether TeamInternet was the primary malware shipper or not (it’s possible the site was inadvertently malvertising) the server that was running what should have been a Dell-controlled domain started showing up in malware alerts about two weeks after SoftThinks let it slip out of its grasp.
Dell confirmed to The Register that it had lost control of the domain. Here’s its statement:
[the domain] expired on June 1, 2017 and was subsequently purchased by a third party. The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed.
We do not believe that the Dell Backup and Recovery calls to the URL during the period in question resulted in the transfer of information to or from the site, including the transfer of malware to any user device.
Well, that’s a relief: malware might have been on the menu if you visited the domain with your web browser, but when your Dell Backup and Recovery application came calling it wasn’t.
What isn’t a relief: a major PC and data backup vendor – or what Dell calls the “Great Partner” it entrusts with its customers’ data – managed to #fail at something as easy as renewing a domain.
Of course, Dell isn’t alone in the walk of shame you have to take if your domain somehow slips from your grasp.
Earlier this month we brought you the story of a company that supplies a video relay service (VRS) – including emergency services – to deaf, hard of hearing and speech-disabled people. Forgetting to renew its domain meant a three-day outage for customers and a $3 million fine from the Federal Communications Commission (FCC).
Because really. Really. Failing to renew is hard.
Almost everyone wants you to renew – you want the domain and your registrar wants your money. Even if your domain expires it’s set aside for you and nobody else for what can amount to months of get-out-of-jail-free time as grace and redemption periods play out.
Still, it shouldn’t come to that. There are many ways to stay on top of your domain renewals – you could try to construct a memory palace, say, or perhaps you could get a tattoo, though you’d have to keep up with re-inking – but the easiest option is to hit autorenew when you register the name.
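As an added example (not part of the original article), here is a small Python audit that does the “stay on top of your renewals” check programmatically: it reads RDAP-style registration records for the domains an application depends on and flags anything already expired, sitting in a post-expiry registry state, or due within a warning window. The domain names, RDAP records and audit date are constructed samples, not real registry data.

```python
from datetime import datetime, timedelta, timezone

# Constructed RDAP-style responses (RFC 7483 shape); not real registry data.
SAMPLE_RDAP = {
    "backup-vendor.test": {
        "ldhName": "backup-vendor.test",
        "status": ["redemption period"],
        "events": [{"eventAction": "expiration", "eventDate": "2017-06-01T00:00:00Z"}],
    },
    "updates.test": {
        "ldhName": "updates.test",
        "status": ["active"],
        "events": [{"eventAction": "expiration", "eventDate": "2017-07-10T00:00:00Z"}],
    },
    "corp.test": {
        "ldhName": "corp.test",
        "status": ["active"],
        "events": [{"eventAction": "expiration", "eventDate": "2019-01-01T00:00:00Z"}],
    },
    "odd.test": {"ldhName": "odd.test", "status": ["active"], "events": []},
}
# Registry lifecycle states (RFC 8056 names) that mean the paid term already ended.
POST_EXPIRY_STATES = {"auto renew period", "redemption period", "pending delete"}
# Hypothetical audit date, chosen inside the incident window described above.
NOW = datetime(2017, 6, 15, tzinfo=timezone.utc)

def expiration_date(rdap):
    """Return the 'expiration' event as an aware datetime, or None if absent."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "expiration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def classify(rdap, now, warn_days=30):
    """Classify one domain as 'expired', 'expiring', 'ok' or 'unknown'."""
    if set(rdap.get("status", [])) & POST_EXPIRY_STATES:
        return "expired"
    exp = expiration_date(rdap)
    if exp is None:
        return "unknown"
    if exp <= now:
        return "expired"
    if exp - now <= timedelta(days=warn_days):
        return "expiring"
    return "ok"

def audit(rdap_by_domain, now=NOW, warn_days=30):
    """Return {domain: status} for every domain an application depends on."""
    return {d: classify(r, now, warn_days) for d, r in rdap_by_domain.items()}
```

Anything reported as "expired" or "expiring" is a name your software will keep calling whether or not you still own it, which is exactly the failure mode described above.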
Source: Naked Security