Yes, I understand what you state about the webshell; the problem is that those webshells work both on Linux and Windows and were written in languages that could work on most platforms. So, this is not about webshells per se, this is about the IBM i being in a situation where malware written for other platforms can run on IBM i, and that was not something commonly known. It was actually denied in articles.
Even in the early years, you could also write CL code that deleted important data for the user; the thing is that those CL or RPG programs could be insider threats, which always existed, and they could qualify as malware, but they were not something either easily portable or common. A Windows/Linux malware is something that is more widespread, and someone bumping into an IBM i could use one of those to do bad things without knowing RPG or what an IBM i is.
And, as I state in the article, I've only started digging into this because I found infections on real customers, hence the need to raise awareness.
Original Message:
Sent: Fri October 24, 2025 08:05 AM
From: Paul Nicolay
Subject: Malware and IBM i. Can it really be infected?
The webshell is nothing more than a web application that runs in a certain user context... just like any other web application.
You can as well write this as a CGI program in Apache, or even standalone in RPG with sockets so you don't even need a webserver.
------------------------------
Paul Nicolay
Original Message:
Sent: Fri October 24, 2025 06:34 AM
From: Alejandro Lazzaro
Subject: Malware and IBM i. Can it really be infected?
Thanks a lot for reading! As I said, this is my first article and I'm never sure if anything I write is any good 😊
"...there are, after all, plenty of other methods that antivirus solutions won't catch either." Yes, indeed, and this is scary. That's why you also need a perimeter defense solution or write your own exit programs. We are in a position where the IBM i is available to more people, who can rent an LPAR in the cloud and just play, something that you could not do some years ago, and that increases the risks.
The thing about the webshell is that I was convinced that it would not affect the IBM i, but seeing this piece of code being able to extract files and run commands without credentials was a bit crazy for me; I honestly was not expecting it. When I first saw those infections, I warned the customers, as it was not the regular 20-year-old worm that I normally find, but that level of compromise was beyond my expectations.
When you say Fortra plug, do you refer to the Antivirus?
------------------------------
Alejandro Lazzaro
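The point made above by Paul and Alejandro is that a webshell is just a portable web script that hands request input to the web server's user context, so it runs as well under PASE on an IBM i as on Linux. The following indicator scanner is an added example (not code from the article, the thread, or IBM); it is written in Python precisely because the same script runs unchanged on Windows, Linux and PASE. It looks for the two behaviours Alejandro observed, command execution and file extraction, paired with request-controlled input, plus the eval-plus-decode pattern typical of dropped shells. The sample files, paths (`/www/shop/htdocs` is a made-up instance root), and the indicator lists are constructed for illustration and should be tuned to your own applications.

```python
"""Portable webshell-indicator scanner (added example, not code from the thread).

Runs anywhere Python runs, including a PASE shell on IBM i, so it can be pointed
at an IFS web root such as /www/<instance>/htdocs. Paths, sample file contents
and the indicator patterns below are constructed for illustration.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Optional

# Sinks that hand data to a shell or interpreter, keyed by script type.
EXEC_SINKS = {
    "php": r"\b(system|exec|shell_exec|passthru|popen|proc_open|eval|assert)\s*\(",
    "py":  r"\b(os\.system|os\.popen|subprocess\.(run|Popen|call|check_output)|exec|eval)\s*\(",
    "pl":  r"\b(system|exec|open\s*\(\s*[^,]*,\s*['\"]\|)|`[^`]+`",
}
# Sources that carry attacker-controlled request data.
INPUT_SOURCES = {
    "php": r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b|php://input",
    "py":  r"\bcgi\.FieldStorage\b|os\.environ\[['\"]QUERY_STRING['\"]\]|sys\.stdin",
    "pl":  r"\$ENV\{['\"]QUERY_STRING['\"]\}|\bCGI\b|<STDIN>",
}
# File-read sinks: a shell that "extracts files" pairs one of these with input.
READ_SINKS = r"\b(readfile|file_get_contents|fopen|open|fpassthru)\s*\("
# Decoding/obfuscation commonly wrapped around an execution sink.
OBFUSCATION = r"\b(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\(|\\x[0-9a-f]{2}"

EXT_TO_TYPE = {".php": "php", ".phtml": "php", ".py": "py", ".cgi": "pl", ".pl": "pl"}


@dataclass
class Finding:
    path: str
    severity: str                 # "high" or "medium"
    reasons: list = field(default_factory=list)


def classify(path: str, text: str) -> Optional[Finding]:
    """Return a Finding when the file pairs a dangerous sink with request input."""
    kind = EXT_TO_TYPE.get(os.path.splitext(path)[1].lower())
    if kind is None:
        return None
    has_exec = re.search(EXEC_SINKS[kind], text) is not None
    has_read = re.search(READ_SINKS, text) is not None
    has_input = re.search(INPUT_SOURCES[kind], text) is not None
    has_obf = re.search(OBFUSCATION, text, re.I) is not None
    reasons = []
    if has_exec and has_input:
        reasons.append("command execution fed from request input")
    if has_read and has_input:
        reasons.append("file read fed from request input")
    if has_exec and has_obf:
        reasons.append("execution sink combined with decoding/obfuscation")
    if reasons:
        return Finding(path, "high", reasons)
    if has_exec:
        # A bare sink is worth a look but is often legitimate maintenance code.
        return Finding(path, "medium", ["execution sink without obvious input source"])
    return None


def scan_files(files: dict) -> list:
    """files maps path -> text. Returns Findings, high severity first, then by path."""
    found = [f for f in (classify(p, t) for p, t in files.items()) if f]
    return sorted(found, key=lambda f: (f.severity != "high", f.path))


def scan_tree(root: str, max_bytes: int = 512 * 1024) -> list:
    """Walk a real web root on disk (or the IFS under PASE) and scan its scripts."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            if os.path.splitext(n)[1].lower() in EXT_TO_TYPE and os.path.getsize(p) <= max_bytes:
                with open(p, encoding="utf-8", errors="ignore") as fh:
                    files[p] = fh.read()
    return scan_files(files)


# Constructed sample tree: one clean page, two dropped PHP shells, one CGI shell
# and one legitimate maintenance script that only merits a "medium" look.
SAMPLE_FILES = {
    "/www/shop/htdocs/index.php": "<?php include 'lib.php'; echo render_catalog(); ?>",
    "/www/shop/htdocs/images/.cache.php": "<?php @eval(base64_decode($_POST['c'])); ?>",
    "/www/shop/htdocs/up/x.php": "<?php $c=$_GET['cmd']; echo '<pre>'.shell_exec($c).'</pre>';"
                                 " if(isset($_GET['f'])) readfile($_GET['f']); ?>",
    "/www/shop/cgi-bin/report.py": "import cgi, subprocess\nf=cgi.FieldStorage()\n"
                                   "print(subprocess.check_output(['sh','-c',f['q'].value]))\n",
    "/www/shop/htdocs/tools/cleanup.php": "<?php exec('rm -f /tmp/shop-*.tmp'); ?>",
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f.severity:6} {f.path}: {'; '.join(f.reasons)}")
```

Run it against a real tree with `scan_tree("/www/<instance>/htdocs")` from a PASE shell; anything it flags as high still needs a human to read the file, and a hit under an upload or image directory (as with the constructed `.cache.php`) deserves the most attention, since that is where a web application with a weak upload handler lets a shell be dropped.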
Original Message:
Sent: Fri October 24, 2025 06:11 AM
From: Paul Nicolay
Subject: Malware and IBM i. Can it really be infected?
I read your article and appreciate your effort to raise awareness around this topic (the Fortra plug made me smile 😊). That said, I felt you got a bit carried away when describing the webshell/PuTTY "exploits" - there are, after all, plenty of other methods that antivirus solutions won't catch either.
That being said, IBM i - like any other system - can absolutely be compromised if not properly secured. And by opening it up to modern tools and programming languages, the level of expertise required to mitigate such risks only increases.
------------------------------
Paul Nicolay
Original Message:
Sent: Fri October 24, 2025 05:44 AM
From: Alejandro Lazzaro
Subject: Malware and IBM i. Can it really be infected?
Hi Paul,
I think that you are right, I saw several customers suffering Ransomware attacks, and it was an ordeal for them.
Have you had a chance to read the article I posted on the first comment?
Any feedback would be greatly appreciated.
Thanks!!!
------------------------------
Alejandro Lazzaro
Original Message:
Sent: Fri October 24, 2025 02:57 AM
From: Paul Nicolay
Subject: Malware and IBM i. Can it really be infected?
The point is that an IBM i today no longer runs, or has serious issues, if you corrupt the IFS (especially the /QIBM directories).
In combination with modern (and more familiar to hackers) access methods like SSH, profiles that have too much authority make an IBM i vulnerable as well.
Being a rather small platform with a good QSYS file system gives us some spare time, but if someone really targeted you, I think it can be more dramatic than on Windows.
------------------------------
Paul Nicolay
Original Message:
Sent: Fri October 24, 2025 02:38 AM
From: Steve Bradshaw
Subject: Malware and IBM i. Can it really be infected?
Hi Alejandro
Your question is an interesting one, and the answer really depends on your definition. For example, if you are solely using the classic IBM i "/QSYS.LIB" file structure, then there is a strong argument that IBM i is immune to such malware.
But, if you use your IBM i on a network where you share files with devices running other operating systems, using functions like NetServer, rsync, etc., then you could turn your IBM i server into an infected host, even if the programs running on it were not affected. If this were to happen, then other clients on the network could infect files stored on the IBM i IFS file structure.
Further, if you do not take care with the configuration of your IFS security, then it is possible that ransomware attacks may affect files stored in the IFS of an IBM i server. An extreme example of this is an IBM i that has its root ('/') shared on NetServer with a guest user configured that has *ALLOBJ authority. In such extremely poorly configured systems, the IBM i objects could be corrupted.
But, it is not all bad news, far from it! Whilst you need to spend some time configuring security on an IBM i server, it is (in my opinion) the most securable operating system in the world. Not only is the operating system built with security in mind, but it is now easier than ever to secure using the Navigator for i interface. Added to that, IBM i has a function called Authority Collection Services that answers the million-dollar question, "What security does a user actually need to do their job?" Authority Collection Services comes with your IBM i by default and at no extra cost.
IBM i also has other security functions built into its database to aid data protection and integrity; these include but are not limited to, Immutable Journals, Commitment control, Row Column Access Control and Temporal Tables.
Finally, IBM i has one more unique weapon to help you keep your system secure; these are called Exit Points. You can use this functionality to build an extra layer of security whose only limitation is your imagination.
In summary, no system is secure by default, not even IBM i, but if you put some time in, you can make it as secure as you like.
------------------------------
Cheers, Brad.
Steve Bradshaw
IBM Champion, Member of CEAC, TD of i-UG.co.uk and Friendly Techie at RowtonIT.com
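Steve's worst case above (root shared on NetServer, read/write, with a guest profile that holds *ALLOBJ) is a combination of three separate settings, and Paul's earlier point adds that the /QIBM directories are the ones whose corruption stops the system. The check below is an added example, not code from the thread or from IBM, that reasons about exactly that combination. It is written in Python so it can run from a PASE shell or from a PC; the rows it consumes are constructed here, and the `Share`/`Profile` shapes are this example's own. On a live system you would populate them from the share list and the user profile list (for instance the QSYS2.SERVER_SHARE_INFO and QSYS2.USER_INFO SQL services, whose exact column names are not reproduced here) plus the NetServer guest profile attribute. It deliberately does not model object-level authority, which is why the "high" cases say so.

```python
"""NetServer exposure check (added example, not code from the thread or from IBM).

Flags shares that reach the parts of the IFS the thread calls out (/QIBM,
/QSYS.LIB, /QOpenSys, or the whole root), combined with read/write permission,
a configured guest profile, and profiles that hold *ALLOBJ. All input rows and
names are constructed for illustration.
"""
import posixpath
from dataclasses import dataclass

# Directories whose corruption breaks the OS or reaches QSYS.LIB objects.
# "/" is handled separately because every path lies under it.
SENSITIVE_DIRS = ("/QIBM", "/QSYS.LIB", "/QOpenSys")


@dataclass(frozen=True)
class Share:
    name: str
    path: str           # IFS path the share exposes
    read_write: bool    # True when the share permission is read/write


@dataclass(frozen=True)
class Profile:
    name: str
    special_authorities: frozenset   # e.g. frozenset({"*ALLOBJ", "*SECADM"})
    enabled: bool = True


def _norm(p: str) -> str:
    # IFS root file system names are case-insensitive; compare them upper-cased.
    return posixpath.normpath(p).upper()


def sensitive_reach(share_path: str) -> list:
    """Names the sensitive areas a share overlaps, whether the share sits above
    them (e.g. "/") or inside them (e.g. "/QIBM/UserData")."""
    s = _norm(share_path)
    if s == "/":
        return ["/ (entire IFS)"]
    hits = []
    for d in SENSITIVE_DIRS:
        t = _norm(d)
        if s == t or s.startswith(t + "/") or t.startswith(s + "/"):
            hits.append(d)
    return hits


def assess(shares, profiles, guest_profile=None) -> list:
    """Return (share_name, severity, detail) tuples for risky combinations, worst first."""
    by_name = {p.name.upper(): p for p in profiles}
    allobj = sorted(p.name for p in profiles
                    if p.enabled and "*ALLOBJ" in p.special_authorities)
    guest = by_name.get(guest_profile.upper()) if guest_profile else None
    guest_on = guest is not None and guest.enabled
    out = []
    for sh in shares:
        reach = sensitive_reach(sh.path)
        if reach:
            area = ", ".join(reach)
            if sh.read_write and guest_on and "*ALLOBJ" in guest.special_authorities:
                sev, why = "critical", (f"guest profile {guest.name} holds *ALLOBJ and can "
                                        f"write {area} with no credentials at all")
            elif sh.read_write and guest_on:
                sev, why = "high", (f"anonymous (guest {guest.name}) write access to {area}; "
                                    f"object authority is the only remaining barrier")
            elif sh.read_write:
                sev, why = "high", (f"read/write share over {area}; any enabled *ALLOBJ "
                                    f"profile ({', '.join(allobj)}) can corrupt it from a PC")
            elif guest_on:
                sev, why = "medium", f"anonymous read of {area} (OS and configuration files)"
            else:
                sev, why = "low", f"read-only share over {area}; restrict it to named profiles"
        elif sh.read_write and guest_on:
            sev, why = "medium", f"anonymous write to {sh.path}: PC ransomware can encrypt it"
        else:
            continue
        out.append((sh.name, sev, why))
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    return sorted(out, key=lambda f: (order[f[1]], f[0]))


# Constructed sample configuration (names and paths are made up).
SAMPLE_SHARES = [
    Share("ROOT", "/", True),
    Share("QIBMDATA", "/QIBM/UserData", False),
    Share("APPDATA", "/home/appdata", True),
    Share("HRDOCS", "/home/hr", False),
]
SAMPLE_PROFILES = [
    Profile("QSECOFR", frozenset({"*ALLOBJ", "*SECADM", "*AUDIT"})),
    Profile("GUEST", frozenset({"*ALLOBJ"})),          # the extreme case from the thread
    Profile("APPUSER", frozenset()),
    Profile("OLDADMIN", frozenset({"*ALLOBJ"}), enabled=False),
]

if __name__ == "__main__":
    for name, sev, why in assess(SAMPLE_SHARES, SAMPLE_PROFILES, guest_profile="GUEST"):
        print(f"{sev:8} {name}: {why}")
```

The same data with no guest profile configured drops the root share from critical to high: the share is still a way for any enabled *ALLOBJ profile (disabled ones are ignored) to overwrite OS directories from a PC, which is the point about over-authorised profiles made earlier in the thread, and it is where Authority Collection earns its keep.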
Original Message:
Sent: Thu October 23, 2025 08:15 AM
From: Alejandro Lazzaro
Subject: Malware and IBM i. Can it really be infected?
Hi everyone, I hope you enjoy my first blog here, it all started with this question. Can it really be infected?
Mostly because I thought that it couldn't be infected and that the IBM i was not vulnerable to a Win/Linux malware.
Malware and IBM i
-------------------------------------------
------------------------------
Alejandro Lazzaro
------------------------------