A URL used by PC giant Dell to provide support to customers was hijacked for several weeks this summer after the company failed to renew it.
The DellBackupandRecoveryCloudStorage.com domain name is used on virtually all Dell computers to service its Dell Backup and Recovery Application. The service is intended to help users restore their PCs to their factory state if they run into a problem, as well as to restore their data.
As such, if the domain name were to fall into the wrong hands, it could be used to surreptitiously implant malware on unsuspecting users' PCs.
But according to security researcher Brian Krebs, the URL went missing for a month this summer, when it was transferred from the ownership of backup and imaging software company SoftThinks, which runs the service on Dell's behalf.
"From early June to early July 2017, DellBackupandRecoveryCloudStorage.com was the property of Dmitrii Vassilev of ‘TeamInternet.com', a company listed in Germany that specializes in selling what appears to be typosquatting traffic. Team Internet also appears to be tied to a domain monetization business called ParkingCrew," explained Krebs.
He adds that "approximately two weeks after Dell's contractor lost control over the domain, the server it was hosted on started showing up in malware alerts" from tools made by vendors including Rapid7 and Carbon Black, one of which connected the domain to the propagation of ransomware.
However, Krebs' contacts say that they didn't see any attempt to infiltrate PCs with any form of malware, and a Dell spokesperson told Krebs that the company had discontinued the Dell Backup and Recovery application in 2016.
The company claimed: "A domain as part of the cloud backup feature for the Dell Backup and Recovery (DBAR) application, www.dellbackupandrecoverycloudstorage.com, expired on June 1, 2017 and was subsequently purchased by a third party.
"The domain reference in the DBAR application was not updated, so DBAR continued to reach out to the domain after it expired. Dell was alerted of this error and it was addressed. Dell discontinued the Dell Backup and Recovery application in 2016."
For Krebs, though, this may tie in with ongoing Dell customer support scams, with the scammers able to reel off users' unique Dell service tags as proof of their bona fides.
"How can scammers have all this data if Dell's service and support system isn't compromised… Dell continues to be silent on what may be going on with the service tag scams," wrote Krebs.