
Sophos UTM breached because of CVE-2020-25223, botnet malware installed

Hi all,

A new client has a Sophos UTM which was never kept up to date; the CPU kept hitting 100% and they received an abuse warning indicating they have outgoing DNS requests to known botnet C&C servers.

After investigating, we have found malware on the UTM appliance itself. Our assumption is this is due to the CVE-2020-25223 vulnerability. We can clearly see the malicious script generated in the /tmp/ folder.

Does anyone know if there is a way to AV scan the internal OS of the appliance itself, or do you agree it's simply wiser to rebuild the UTM and redo ALL the VPNs etc.?

Thanks!
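The two indicators the post describes (outbound DNS lookups to known C&C domains, and an unexpected script appearing in a temp directory) are the kind of thing worth confirming and preserving before deciding between a scan and a rebuild. The following is an added triage example, not code from the thread or from Sophos. It assumes a constructed, generic "timestamp client query qname" DNS log format (not the UTM's own log format), a constructed C&C blocklist, and scans a throwaway directory standing in for /tmp; the domain names and log lines are made-up sample data.

```python
"""Post-compromise triage helpers (added example, not from the thread).

Assumptions, labelled: the DNS log line format is a constructed, generic
"<timestamp> <client-ip> query <qname>" format rather than Sophos UTM's own
log format; the C&C blocklist and the sample log lines are constructed data.
"""
import os
import re
import stat
import tempfile
import time

# Constructed blocklist standing in for the domains named in an abuse report.
CC_BLOCKLIST = {"cc-example.invalid", "botnet-example.invalid"}

# Constructed sample log lines in the assumed generic resolver-log format.
SAMPLE_DNS_LOG = """\
2021-03-01T10:00:01Z 192.0.2.10 query www.example.com
2021-03-01T10:00:02Z 192.0.2.10 query cc-example.invalid
2021-03-01T10:00:03Z 192.0.2.11 query updates.example.org
2021-03-01T10:00:04Z 192.0.2.10 query sub.botnet-example.invalid
"""

LOG_RE = re.compile(r"^(\S+) (\S+) query (\S+)$")


def parent_domains(qname):
    """Yield qname and each of its parent domains (down to the registrable
    level), so sub.bad.tld matches a blocklist entry for bad.tld."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])


def find_cc_lookups(log_text, blocklist=CC_BLOCKLIST):
    """Return (timestamp, client, qname, matched_entry) tuples for every
    query whose name or parent domain is on the blocklist."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, client, qname = m.groups()
        for candidate in parent_domains(qname):
            if candidate in blocklist:
                hits.append((ts, client, qname, candidate))
                break
    return hits


def recent_scripts(directory, max_age_seconds=7 * 86400, now=None):
    """List regular files under directory that were modified within
    max_age_seconds and either carry a shebang or are user-executable.
    Such files in a temp directory should be hashed and preserved as
    evidence before any cleanup or rebuild."""
    now = time.time() if now is None else now
    found = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets, devices
            if now - st.st_mtime > max_age_seconds:
                continue
            executable = bool(st.st_mode & stat.S_IXUSR)
            with open(path, "rb") as fh:
                shebang = fh.read(2) == b"#!"
            if executable or shebang:
                found.append(path)
    return sorted(found)


def demo_tmp_scan():
    """Create a throwaway directory holding a constructed shell script and a
    plain text file, scan it, and return the basenames that were flagged."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "x.sh"), "w") as fh:
            fh.write("#!/bin/sh\necho constructed sample\n")
        with open(os.path.join(d, "notes.txt"), "w") as fh:
            fh.write("plain text\n")
        return [os.path.basename(p) for p in recent_scripts(d)]


if __name__ == "__main__":
    for hit in find_cc_lookups(SAMPLE_DNS_LOG):
        print("C&C lookup:", hit)
    print("recent scripts in temp dir:", demo_tmp_scan())
```

Matching parent domains rather than exact names matters because a blocklist usually carries the registrable domain while the infected host queries arbitrary subdomains of it. Running `recent_scripts` against the real temp directory only confirms what the poster already saw; the useful part is recording hashes and timestamps of what it finds before the appliance is wiped.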
