[isalist] Re: UPX packed executables - Akamai technologies
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 13 May 2009 09:18:39 -0700
What are the requests?
You're right -= "from Akamai" is pretty meaningless since their whole business
is hosting other folk's content.
Jim
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Neil Cassidy
Sent: Tuesday, May 12, 2009 5:53 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] UPX packed executables - Akamai technologies
Ok, here is my dilemma, not even sure how to word this question - I have a
Sonicwall with gateway anti-virus that is (just in the last 2 weeks) flagging
hundreds of daily occurrences of UPX packed executables, all from Akamai
technologies websites. I believe these are probably legitimate updating
services, but cannot tell for sure. My ISA 2004 server only shows the external
NIC IP address and a port number in the logs (and of course the external
information), I cannot tell what if any program is trying to access the
websites and download the files. Anyway I can get more information on this? I
have no idea if it is something on the server or a workstation, as it only
shows the external NIC IP address.
Other related posts:
