We have ESXi version 5.0 machines which are managed by vCenter installed on a Win2008 R2 server. We have a network monitoring system which monitors all traffic between vCenter and ESXi. Lately we have observed large files moving between the ESX service console IP and the vCenter server. After analysing these files, they seem to be malware files (trojans, viruses, etc.). The vCenter server communicates with the ESX service console on TCP port 902, and the service console seems to be sending these malware files back from ESX to vCenter. After extracting these files from the network monitoring system, our antivirus triggers, indicating various kinds of viruses, trojans, etc.
The vCenter has antivirus installed, which didn't detect any virus installed on the server after a full scan. This is very strange. We have shut down the vCenter and we need to monitor traffic for a few days to see how it goes.
Did anyone in the community encounter similar issues before? I would appreciate any feedback because it's scary!!!
Thanks a lot