Dell Lost Control of Key Customer Support Domain for a Month in 2017

Brian Krebs reports: A web site set up by PC maker Dell to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, KrebsOnSecurity has learned. There is a program installed on virtually all Dell computers called "Dell Backup and Recovery Application." It's designed to help customers restore their data and computers to their pristine, factory default state should a problem occur with the device. That backup and recovery program periodically checks a rather catchy domain name -- DellBackupandRecoveryCloudStorage.com -- which until recently was central to PC maker Dell's customer data backup, recovery and cloud storage solutions. Sometime this summer, DellBackupandRecoveryCloudStorage.com was suddenly snatched away from a longtime Dell contractor for a month and exposed to some questionable content. More worryingly, there are signs the domain may have been pushing malware before Dell's contractor regained control over it.

Re:Why more than one?

[crow]

As a Dell employee, I couldn't agree more. We're heading into open enrollment right now for next year's benefits, and there are a bunch of web sites that we use for various parts of it, and while they all have "dell" in the domain name, none of them are subdomains off of dell.com. It's crazy.

And this after the security training where we were told to watch out for suspicious domain names.

I suspect the reason is that they keep everything under dell.com controlled by Dell directly, so anything contracted to an outside vendor needs its own domain. But at the very least, they should set up for all the valid domains a redirect from subdomain.dell.com to subdomaindell.com so they could still advertise a professional-looking domain.