
Malware Warning

  • 1.  Malware Warning

    Posted Tue November 24, 2020 03:38 PM
    New customer of ours had a malware attack. They had a NetServer guest profile and a root directory share. Their only saving grace was the guest profile didn't have *ALLOBJ. Anything that wasn't nailed down got encrypted. We're closing those doors now. And more.

    They dodged a howitzer. Keep yourself protected.

    Steve Pitcher

  • 2.  RE: Malware Warning

    Posted Wed November 25, 2020 02:17 AM
    Ouch, this is bad.
    Is it "just" a matter of restoring from backup, or are the backups encrypted as well, or is there some malware that just starts encrypting it again after restore?

    Torbjörn Appehl

  • 3.  RE: Malware Warning

    Posted Wed November 25, 2020 09:19 AM
    It's a recovery and IFS hardening. It used the guest user ID and the root share to do the damage. Once those doors are shut they're most definitely in better shape than before. Far less risk.

    Steve Pitcher

  • 4.  RE: Malware Warning

    Posted Wed November 25, 2020 11:39 AM
    Thanks for the warning.


    James Sparkman

  • 5.  RE: Malware Warning

    Posted Wed November 25, 2020 05:29 PM
    Edited by Jacob Banda Wed November 25, 2020 05:29 PM
    Thank you very much for the timely warning Steve.

    It's a great reminder that incorrectly set IFS permissions and broad-scope shared folders via NetServer are still a risk that most people overlook, or fail to audit on a regular basis.

    Jacob Banda