Akamaitechnologies - malware?
I work at a university with a good network and admins. Their intrusion detection system blocked my MAC address with this snippet of an explanation:
MALWARE TRAFFIC DETECTED: 2015-02-05-00:32:30 UTC [**] [1:2020347:3]CUSTOMSEC -- AUTOBLOCKSAFE -- CURRENT_EVENTS Chaintor/Tordal User-Agent spotted downloading payload [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} w.x.y.z:49262 -> 72.246.81.207:80
72.246.81.207 is owned my Akamai Technologies. I started monitoring traffic and found each time I launch Safari, my system generated a lot of web traffic to akamaitechnologies.
It's unclear exactly what is being downloaded. Here's an article that suggests it's for QuickTime delivery and other "stuff" http://superuser.com/questions/462495/whats-all-this-deploy-akamaitechnologies-c om-traffic I haven't found an explanation on why Akamai wants to phone home EACH TIME Safari is run.
It's a bit suspicious that the IDS alert came from a totally different subnet. Both are owned by Akamai, but the block suggests a different infrastructure.
CIDR 72.246.0.0/15 - IP address caught by IDS
CIDR 23.0.0.0/12 - Safari traffic
I had a friend close/reopen Safari on his MBP and we found his computer made similar connections to Akamai on the 23/12 network but not the 72.246/15 network.
So ... Did the IDS generate a false positive? Is Akamai serving Apple sanctioned content with viruses? Or is my system infected independently by someone leveraging Akamai? Opinions welcome. I'm 50/50 on reinstalling my OS.
I'm running Yosemite which was, at the time, up to date minus Combined 10.10.2 (a week out of date). No AV.
x86, Mac OS X (10.5.1)
