[coreboot] Del firmware malware

ron minnich rminnich at gmail.com
Thu Jul 22 08:29:55 CEST 2010

Wow, top hit on google. But I'm confused.


"The W32.Spybot worm was discovered in flash storage on the
motherboard during Dell testing. The malware does not reside in the

Er, um, the firmware is in Flash I thought. OK, there's more than one
Flash part I assume.

OK, what's that mean? In the Flash in the case the Flash file system
used by EFI? Why is there flash storage on the motherboard? As you can
guess, getting some information out of Dell or the journalists is
essentially impossible.

I like this one: "Systems running non-Microsoft Windows operating
systems cannot be affected.". Which won't stop IT departments
everywhere from continuing to mandate Windows :-) (yes, I realize I'm
being unfair :-)

This one is even stranger: "Remaining systems can only be exposed if
the customer chooses to run an update to either Unified Server
Configurator (USC) or 32-bit Diagnostics.""

Eh? Why would that expose remaining systems? And why would this worm
be run anyway? In other words, why is a worm on a Flash part on the
mainboard being run? What other software is in that part that is also
being run that we don't know about? This is very curious.


More information about the coreboot mailing list