IBM i

  • 1.  Malware Warning

    Posted Tue November 24, 2020 03:38 PM
    New customer of ours had a malware attack. They had a NetServer guest profile and a root directory share. Their only saving grace was the guest profile didn't have *ALLOBJ. Anything that wasn't nailed down got encrypted. We're closing those doors now. And more.

    They dodged a howitzer. Keep yourself protected. https://www.itechsol.com/the-real-effects-of-malware-on-ibm-i/


    ------------------------------
    Steve Pitcher
    ------------------------------


  • 2.  RE: Malware Warning

    Posted Wed November 25, 2020 02:17 AM
    Ouch, this is bad. 
    Is it "just" to restore from backup, or are the backups encrypted as well, or is it some malware that just starts encrypting it again after restore?

    ------------------------------
    Torbjörn Appehl
    ------------------------------



  • 3.  RE: Malware Warning

    Posted Wed November 25, 2020 09:19 AM
    It's a recovery and IFS hardening. It used the guest user ID and the root share to do the damage. Once those doors are shut they're most definitely in better shape than before. Far less risk.

    ------------------------------
    Steve Pitcher
    ------------------------------



  • 4.  RE: Malware Warning

    IBM Select
    Posted Wed November 25, 2020 11:39 AM
    Thanks for the warning.

    Jim

    ------------------------------
    James Sparkman
    ------------------------------



  • 5.  RE: Malware Warning

    Posted Wed November 25, 2020 05:29 PM
    Edited by Jacob Banda Wed November 25, 2020 05:29 PM
    Thank you very much for the timely warning, Steve.

    It's a great reminder that incorrectly set IFS permissions and broad-scope shared folders via NetServer are still a risk that most people overlook, or fail to audit on a regular basis.

    ------------------------------
    Jacob Banda
    ------------------------------