Hi,
I have a Cisco Firepower module installed in my Cisco 5585 firewall. I have started getting these messages over the last week but don't know where they originate from.
Subject: **Auto Generated Email** -- [1:31600:1] "BLACKLIST DNS reverse lookup response for known malware domain spheral.ru - Win.Trojan.Glupteba" [Impact: Vulnerable]
[1:31600:1] "BLACKLIST DNS reverse lookup response for known malware domain spheral.ru - Win.Trojan.Glupteba" [Impact: Vulnerable] From "firepowerw.MYNETWORK.net" at Wed Aug 16 14:32:13 2017 UTC [Classification: A Network Trojan was Detected] [Priority: 1] {udp} 1.2.3.4:53 (united kingdom)->192.1.2.3:21941 (unknown)
This is a DNS address external to my network from my internet provider - 1.2.3.4:53
This is on my DMZ - 192.1.2.3:21941 (unknown) - it's an ISA server
Any ideas where to start?
Thanks, Kevin