Gateway Anti-Virus Alert: Kryptik.MOH (Trojan) blocked

I'm getting tons of messages from our Sonicwall firewall about the same blocked trojan. They're not coming from the same public IPs. The attack initiates on port X2(WAN) to X5(DMZ) SMTP.domain.com.

Is it safe to ignore or there is something else that I should check.


Thank you!
Alan DalaITAsked:
Who is Participating?
 
gheistCommented:
If you can fingerprint those mails you could search few days back before first detection (like scan all mailboxes and user copies thereof where they could be affected)
0
 
gheistCommented:
So somebody sends you viruses....
0
 
btanExec ConsultantCommented:
Likely similar from a spam campaign with trojanised attachment
- see http://www.sonicwall.com/us/en/esblogs.html?id=23

Since that they are "knocking" on various services and port interface as well, and gateway detected that, (hopefully) the rule is dropped them by default (under virus category). It should not reached your email server (in DMZ). Nonetheless, note these indicator of compromise(s) from such infected machine internally ... such as the DNS callback etc (good to check out the email srv and dns server log)  
http://software.sonicwall.com/applications/gav/index.asp?ev=v&v_id=47333
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.