My firewall keeps on getting triggered by Australia Perth Akamai Technologies Inc on a brand new machine that I've just set up for a client. I installed Norton on that machine as per the client's request.
Does anyone know if this is a real attack?
Here's the threat:
INDICATOR-COMPROMISE Content-Type text/plain containing Portable Executable data
If it is a real attack, at least you know the MX is doing its job in blocking and letting you know!
Let's take a look at what this message is: https://www.snort.org/rule_docs/1-38619
"This event is generated when a Content-Type header reports plaintext, but there is Portable Executable data detected."
It's rather unusual for a file to pretend to be plaintext but be executable at the same time. There's a relatively high probability that this was a real attack, but to be sure, one would have to investigate further.
You can get further information at https://www.virustotal.com/gui/file/fc25709c4e05dbfbcc6ae0cf8a7c06e80156ae05179203021838259aeda9801a...
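As an added example (not part of the original posts, and not the Snort rule's own matching logic), the mismatch quoted from the rule description can be checked offline against a captured HTTP response: read the declared Content-Type, then test whether the body parses as a Portable Executable. The function names and sample responses are constructed for illustration.

```python
import struct

def split_http_response(raw: bytes):
    """Split a raw HTTP/1.x response into (lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body

def looks_like_pe(body: bytes) -> bool:
    """DOS header starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def plaintext_pe_mismatch(raw: bytes) -> bool:
    """True when the declared type is text/plain but the body parses as a PE."""
    headers, body = split_http_response(raw)
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    return media_type == "text/plain" and looks_like_pe(body)

def constructed_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header plus PE signature, not a real program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

def response(content_type: str, body: bytes) -> bytes:
    """Build a constructed HTTP response for the checks below."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + content_type.encode()
            + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

if __name__ == "__main__":
    text_body = b"MZ is the ISO country code for Mozambique. " * 3  # text that merely starts with MZ
    for label, raw in [
        ("text/plain + PE", response("text/plain; charset=utf-8", constructed_pe_stub())),
        ("octet-stream + PE", response("application/octet-stream", constructed_pe_stub())),
        ("text/plain + text", response("text/plain", text_body)),
    ]:
        print(f"{label:20} mismatch={plaintext_pe_mismatch(raw)}")
```

Only the first sample reports a mismatch; a body that merely begins with the letters "MZ" does not, because the `e_lfanew` pointer must also lead to a valid `PE\0\0` signature.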
What is great about the community...you can always learn! Thank you for the post, great knowing how to get more details on the alert from snort.org