A web address used by recovery software on Dell PCs was taken over by a third-party after a contractor apparently failed to renew it.
Dell’s software checks in with the domain periodically, so whoever snapped it up could use it to distribute malware.
Security expert and author Brian Krebs – who first reported the issue – believed there was a possibility that this had happened.
Dell says no malware was transferred.
Dell’s Backup and Recovery Application software is installed by default on many of the firm’s PCs and allows users to restore their computers to factory settings, in the event of problems.
The software downloaded updates from dellbackupandrecoverycloudstorage.com.
That web address used to be controlled by US-based tech firm SoftThinks but was taken over by another party at some point between June and July this year.
“Approximately two weeks after Dell’s contractor lost control over the domain, the server it was hosted on started showing up in malware alerts,” Mr Krebs said in his blog.