Diagnostic software preinstalled on many Dell computers is now being flagged as a potentially unwanted program by antivirus program Malwarebytes following the discovery of a vulnerability that allows attackers to remotely execute malicious code on older versions.
The application known as Dell System Detect failed to validate code before downloading and running it, according to a report published last month by researcher Tom Forbes. Because the program starts itself automatically, a malicious hacker could use it to infect vulnerable machines by luring users to a booby-trapped website. According to researchers with AV provider F-Secure, the malicious website need only have contained the string “dell” somewhere in its domain name to exploit the weakness. www.notreallydell.com was just one example of a site that would have worked.
Dell released an update in response to Forbes’s report, but even then, users remained vulnerable. That’s because the updated program still accepted downloads from malicious sites that had a subdomain with “dell” in it, for instance, a.dell.fakesite.ownedbythebadguys.com.
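The two host checks described above, next to a stricter one, as an added example that is not Dell's code and is not taken from Forbes's or F-Secure's reports. The function names, the modelling of the updated check as "some DNS label equals dell", and the choice of dell.com as the only trusted domain are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only dell.com and its subdomains should be trusted.
TRUSTED_DOMAIN = "dell.com"


def _host(url):
    # urlsplit().hostname is lowercased, with port and userinfo removed.
    return (urlsplit(url).hostname or "").rstrip(".")


def substring_check(url):
    """Model of the original flaw: 'dell' anywhere in the host name."""
    return "dell" in _host(url)


def label_check(url):
    """Model of the incomplete fix (assumed): some DNS label equals 'dell'."""
    return "dell" in _host(url).split(".")


def suffix_check(url):
    """Stricter: HTTPS only, host is dell.com or ends with '.dell.com'."""
    host = _host(url)
    on_domain = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    return urlsplit(url).scheme == "https" and on_domain


# Constructed sample: the two hosts named in the article, one legitimate
# URL, and one extra lookalike on a reserved example domain.
SAMPLES = [
    "https://www.dell.com/support",
    "http://www.notreallydell.com/",
    "http://a.dell.fakesite.ownedbythebadguys.com/",
    "https://dell.com.example.net/",
]


def evaluate():
    """Return {url: (substring, label, suffix)} verdicts for SAMPLES."""
    return {u: (substring_check(u), label_check(u), suffix_check(u))
            for u in SAMPLES}


if __name__ == "__main__":
    for url, verdicts in evaluate().items():
        print(verdicts, url)
```

Only the suffix check rejects every non-Dell host in the sample. A host check of any strength still does not validate the downloaded code itself, which is the failure the report describes.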