


The number one vector for this sort of attack is the netserver. Admin shares an IFS Directory tree on IBM i. Users have that mapped to their workstation. Doesn't matter Win/Mac/Linux all can get virus. Virus executing on that workstation reaches through the share to update those files.

In the 'old days' mostly what got updated were executable objects which meant that the next user could expect to get the virus as well. More often today though it's encrypting of those objects, leaving behind a breadcrumb file 'Hey I infected this directory, here's where to pay me so I can give you a decryption key.'

While it's not impossible for this virus to actually run on IBM i, that's not thus far been seen in the wild.

To reduce the risk, do these things.

1) Do not share the root of IBM i.
2) Run an antivirus program on IBM i.
3) Do not share the root of IBM i.
4) Use Read Only shares where possible.
5) Do not share the root of IBM i.
6) Lower the authority level of those using mapped drives, for example don't give those users *ALLOBJ.
7) Do not share the root of IBM i.
8) Lower the permissions on the objects in those shared directories.
9) Do not share the root of IBM i.
10) Assure you are backing up your IFS to tape where it cannot be encrypted.
11) Do not share the root of IBM i.
12) Journal the IFS and save the receivers, giving you a recovery point right up to the point of infection.
13) And finally, do not share the root of IBM i.

- DrF
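
The share-related items in the list above (1, 4 and 6) written as an audit over a share inventory. This is an added example, not part of the original post; the inventory format, field names, finding codes and sample profiles are constructed for illustration and are not the output of any IBM i command.

```python
import posixpath

# Constructed inventory (not output of any IBM i command): share name, IFS path,
# access mode, and the special authorities of each profile that maps the share.
SHARES = [
    {"name": "ROOT", "path": "/", "access": "rw",
     "users": {"QSECOFR": ["*ALLOBJ", "*SECADM"]}},
    {"name": "REPORTS", "path": "/home/reports", "access": "ro",
     "users": {"JSMITH": []}},
    {"name": "EDI", "path": "/edi/inbound/", "access": "rw",
     "users": {"EDIUSR": ["*ALLOBJ"], "CLERK1": []}},
]


def is_root(path):
    """True when the path resolves to the IFS root, however it is spelled."""
    return posixpath.normpath("/" + path.lstrip("/")) == "/"


def audit_share(share):
    """Return finding codes for one share, in checklist order."""
    findings = []
    if is_root(share["path"]):
        findings.append("ROOT_SHARED")              # item 1 (and its repeats)
    if share["access"] != "ro":
        findings.append("READ_WRITE")               # item 4
    for user, special in sorted(share["users"].items()):
        if "*ALLOBJ" in special:
            findings.append("ALLOBJ_USER:" + user)  # item 6
    return findings


def audit(shares):
    """Map each share name to its list of findings (empty list means clean)."""
    return {s["name"]: audit_share(s) for s in shares}


if __name__ == "__main__":
    for name, findings in audit(SHARES).items():
        print(f"{name:8} {', '.join(findings) or 'ok'}")
```
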

On 2/28/2021 4:56 AM, frank boke wrote:
how did the malware infect, .txt or .pdf or ?

On Fri, Feb 12, 2021 at 3:11 PM Larry "DrFranken" Bolhuis <midrange@xxxxxxxxxxxx> wrote:

That's what happens when you get old Bill. :-)

Seriously though there will be all sorts of that especially when parents buy cars for kids to go off to college or even when they are away AT college and never even see the thing! "Wait what? I bought a 73 Pinto?" LOL!

- L



On 2/12/2021 1:14 PM, Bill Hansen wrote:

I was rather surprised by a similar "quiz" from my bank this week when applying for a PPP loan. The closing was all online and the bank subcontracts the document signing to a third party (Docusign). I failed the first pass at identifying myself. I think it was the fourth question, where I failed to identify a condo I bought to house a daughter during her days as a college student in Chicago. She is now 41. After getting in touch with the bank, I got another chance to play. I had to identify a previously owned car from a list. I guessed at "1993 Dodge Caravan" and won the prize of 2 weeks of my 1993 salary.

Cheers!





--
IBM Champion for Power Systems

www.iInTheCloud.com - Commercial IBM i and Power System Hosting
www.iDevCloud.com - Personal IBM i Hosting
www.Frankeni.com - IBM i and Power Systems Consulting.

--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
