vSphere

utopia.net malware in startup process | VMware Communities


Apologies if this is in the wrong section.


I have a Dell PowerEdge T130 I bought specifically to run multiple VMs on ESXi. Specifically, pfSense and FreeNAS, plus any other OS that I need to install in the future. The purpose of this is to have one machine act as a router (pfSense), NAS (FreeNAS), etc. This was connected to a Netgear Nighthawk R7000 flashed to DD-WRT and was essentially a subnet for all my devices. I enabled Promiscuous Mode to allow the manual installation/configuration of FreeNAS jails (manually assigning local IPs). This setup worked fine for several months when suddenly, I started having internet connection issues. I discovered the culprit is utopia.net starting up as a process in ESXi. I’m not sure how it became a startup process, but I reinstalled a fresh copy of ESXi on a new flash drive and reinstalled the VMs from scratch. The only stuff that persisted from the previous installation was my ESXi activation code and the FreeNAS dataset. After completing the new setup, the utopia.net malware was present immediately. At this point, I have the following theories as to how utopia.net survived a new installation:

- it’s embedded in BIOS
- it’s in the FreeNAS dataset
- Netgear Nighthawk router
- activation code??


The PowerEdge T130 has the following specifications:

- Intel Xeon processor E3-1200
- 4x 4TB WD Red
- StarTech 4 Port PCI Express 2.0 SATA III 6Gbps RAID Controller Card with HyperDuo SSD Tiering (PPEXSAT34RH)
- 16×2 DDR4 ECC (Crucial CT16G4WFD824A 16GB DDR4 2400 MT/s PC4-2400 DIMM 288-pin DR x8 ECC unbuffered CL17)
- pfSense VM
- FreeNAS VM
- Linux Mint VM
- Windows 7 VM
- OpenVPN OVA


I can’t think of anything else that would cause the malware to persist like this, so I am seeking out the knowledge/advice of others.


