
C2/Generic Botnet Traffic

Hi All,

So I have a Sophos UTM in bridge mode that basically inspects traffic, then passes it to the router, an Asus N66U. The UTM does not do routing.

About a month ago I started getting Command and Control notices from the UTM. After some research, it seems my IP is trying to connect to a domain by the name of: worldtvpro.zapto.org.anbdyn.info

After some googling I found out that the worldtvpro.zapto.org domain is owned by a company in Reno NV called Vitalwerks Internet Solutions, LLC, which from their site appears to offer DynDNS-like services.

I'm having a hard time trying to pinpoint where this 'infection' is coming from; all nodes on my network have been scanned with Malwarebytes Pro, HitmanPro and the default Sophos AV. I'm fairly certain my machines are OK, but I don't want to label this a false positive until I can be sure. I've read in some Sophos posts that sometimes software phoning home can trigger it, but the hard part is that the Sophos logs only report my public IP and not an internal one, so I can't see if anything with a private IP is trying to call out somewhere.

I do run Kodi with some plugins so this seemed like a likely cause but even with the PC off the alerts are still generated and the system has been scanned with no results.

Sophos classifies it as C2/Generic-A. This is the link it gives as support, but it isn't really of any help.

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A

Any suggestions are appreciated.
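The attribution problem described above (the UTM alert only shows the public IP, not which internal host made the request) is one that DNS query logs can often answer. The following is an added example, not code from the original post or from Sophos; it assumes a local resolver that logs queries with the requesting client address (dnsmasq-style `query[A] name from client` lines are used here as a constructed sample) and reports which private IPs looked up the flagged name or any name containing it:

```python
import re
from collections import defaultdict

# Constructed sample resolver log (dnsmasq-style), not real logs from the poster's network.
SAMPLE_LOG = """\
Jan 10 21:03:11 dnsmasq[1234]: query[A] www.example.com from 192.168.1.10
Jan 10 21:03:12 dnsmasq[1234]: query[A] worldtvpro.zapto.org.anbdyn.info from 192.168.1.23
Jan 10 21:03:15 dnsmasq[1234]: query[AAAA] worldtvpro.zapto.org from 192.168.1.23
Jan 10 21:04:01 dnsmasq[1234]: query[A] update.sophos.com from 192.168.1.10
Jan 10 21:05:40 dnsmasq[1234]: query[A] worldtvpro.zapto.org.anbdyn.info from 192.168.1.50
"""

# Labels of the name from the UTM alert; matched as a contiguous label run so that
# both the bare name and suffixed variants of it are caught.
WATCH_LABELS = ("worldtvpro", "zapto", "org")

QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\d+\.\d+\.\d+\.\d+)"
)


def name_matches(name, watch_labels=WATCH_LABELS):
    """True if the watched label sequence appears contiguously in the queried name."""
    labels = tuple(name.rstrip(".").lower().split("."))
    n = len(watch_labels)
    return any(labels[i:i + n] == watch_labels for i in range(len(labels) - n + 1))


def find_querying_hosts(log_text, watch_labels=WATCH_LABELS):
    """Map each internal client IP to the list of watched names it resolved, in log order."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (or an unexpected format)
        if name_matches(m.group("name"), watch_labels):
            hits[m.group("client")].append(m.group("name"))
    return dict(hits)


if __name__ == "__main__":
    for client, names in find_querying_hosts(SAMPLE_LOG).items():
        print(f"{client} queried: {', '.join(names)}")
```

Run it against the resolver's real query log (for dnsmasq this requires `log-queries` to be enabled); the hosts it lists are the ones worth examining first. If clients resolve directly through the router or an external resolver, point the script at whichever device actually sees the queries with the private source addresses.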



This thread was automatically locked due to age.
  • Forgot to mention I've scanned all systems with no malware results. I took it one step further and unhooked all devices and left only the UTM and my router, and I still got the alerts. I also replaced the router with another one and STILL got the alerts.

    Not sure where to go from here, any help is much appreciated.  This has cost me 3 days of no sleep.
