-
September 10th, 2003, 12:15 PM
#1
Can't get rid of Spyware (Akamai Tech)
Hi Ao'ers,
OK, I'm really angry. Can't figure this out.
I've run Ad-Aware and Spy-Bot and Trend Micro OfficeScan, manually looked through the registry (although I'm not 100% on what I'm looking for), and am at a total loss.
My Win2000 workstation keeps listening / opening a connection to these addresses:
a194-176-73-151.deploy.akamaitechnologies.com
213-161-66-139.akamai.com
213-161-66-160.akamai.com
the port numbers all appear to be in the 112x's
The IP addresses seem to be randomized but all from 'Akamai Technologies', what or whoever they are. The ports being used have so far been random but ranged from 1126 up to 1168.
I'm pretty sure it isn't a Trojan. In fact I'm almost positive that it's some sort of Spyware / Adware thing which probably is of low threat to me.
BUT as I'm sure you'll all understand.... I didn't put it there. And I want the damn thing gone.
Did some Googling on Akamai Technologies: (with and without a space between)
Main website http://www.akamai.com/
Akamai provides what is commonly known as content peering, the task of optimizing large and complex networks and keeping large sites up and serving content, applications and streaming media at usable rates. Akamai's FreeFlow service delivers content via its global network utilizing sophisticated algorithms developed by M.I.T. researchers. The service continuously monitors Internet conditions to discover the optimal "edge server" and delivery route for each request. Akamai's Digital Parcel Service (DPS) combines enhanced content delivery with digital rights management capabilities to form a licensed digital media content distribution system.
OK, so great, we've now discovered that they do Controlled Content Delivery (which I'm pretty sure could be construed as Cookie makers).
Interestingly I'm not the only one out there with this problem:
<URL>http://www.derkeiler.com/Newsgroups/...2-12/0319.html</URL>
<URL>http://www.incidents.org/archives/in.../msg01369.html</URL>
<URL>http://www.hardcoreware.net/forum/pr...ead.php?t=8800</URL>
<URL>http://www.infosecwriters.com/projec...gs/11_6_02.htm</URL>
Here are some links dating from 2001 to 2003.
They're all having the same problem as me but no one seems to have solved it.
I'm beginning to think that Akamai Technologies are either being spoofed / have some dodgy clients or are a very very shady outfit.
It's all a bit weird... This Spyware hasn't given me any popups or anything.
I only know about it because I ran Netstat to check something.
1) How do I get them off my poor Win2000 machine??
2) Anyone got similar stories?
There's cookies (the chocolate kind) for anyone that can solve this.
Cheers
V$D$
(Attached is the Netstat log)
I remember when Nihil was ickle. Does that mean I'm old?
-
September 10th, 2003, 12:32 PM
#2
Hi,
VicE$Do$,
I understand that Akamai are providing upgrade services to a number of "legitimate" software houses, including Micro$oft. Sort of sub-contracting or outsourcing? I keep seeing myself getting re-routed when I do manual updates.
Have you got "auto-update" switched on for any of your applications? This may be the culprit, particularly as you have already run the sensible spy/botware tests and drawn a blank?
Just a thought
Cheers
-
September 10th, 2003, 12:47 PM
#3
Junior Member
Do you have these connections throughout the duration of your online session?
Anyone please correct me if I'm wrong, but I don't think connections to akamai necessarily mean active spyware. I thought that ad content was only part of what they do, along with legitimate online services.
-
September 10th, 2003, 02:11 PM
#4
Add these lines to your hosts file (c:\winnt\system32\drivers\etc\hosts):
127.0.0.1 a194-176-73-151.deploy.akamaitechnologies.com
127.0.0.1 213-161-66-139.akamai.com
127.0.0.1 213-161-66-160.akamai.com
These connections come from the webpages you load. I'm really talked out on this subject so for an explanation search this site for akamai.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
September 10th, 2003, 03:18 PM
#5
Blocking Akamai is like blocking everything from Microsoft.. Unless I'm not awake this morning (I've been told like 10 times at jobs), Microsoft uses Akamai for MSN and Windows Update a lot...
Edit: Check this thread http://www.antionline.com/showthread...hreadid=248289 . The guy blocked Akamai in his firewall and cannot do a Windows Update anymore.
-
September 10th, 2003, 03:42 PM
#6
Sorry to be so abrupt before but I need to be at HQ 9:30. Lots, I mean lots, of streaming ads come from Akamai servers. Blocking ad servers will not block update servers. I use my hosts file to block every adserver I come across. It's kind of a ritual with me.
I wanted to illustrate to you that these URLs came from external sources and not from adware and are nothing to worry about unless you like your bandwidth... you pay for it, you decide how it's used.
SDK is right though, Norton also uses Akamai for their updates so you have to be careful not to block them, but over 90% of their servers are nothing but ad servers. If you want a good example go to zdnet and do a netstat. Add those Akamai servers to your hosts file and try again.
It brings my heart joy to see those boxes say "404 page not found" where there would be a streaming ad and place holders where there would be banners.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
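Added example, not part of any post in this thread: a small triage script for the netstat check and hosts-file step discussed above. It separates real listeners from outbound web connections made from high local ports and builds hosts entries only for the CDN names actually seen. The sample output is constructed; the host name `ws2k`, the `http` remote service and the `mail.example.net` row are assumptions.

```python
# Constructed sample in Windows `netstat -a` layout (the log attached to the
# thread is not on the page). Host "ws2k", the "http" remote service and the
# mail.example.net row are assumptions made for illustration.
SAMPLE = """\
  Proto  Local Address   Foreign Address                                     State
  TCP    ws2k:epmap      ws2k:0                                              LISTENING
  TCP    ws2k:1126       a194-176-73-151.deploy.akamaitechnologies.com:http  ESTABLISHED
  TCP    ws2k:1127       213-161-66-139.akamai.com:http                      TIME_WAIT
  TCP    ws2k:1168       213-161-66-160.akamai.com:http                      CLOSE_WAIT
  TCP    ws2k:1140       mail.example.net:pop3                               ESTABLISHED
"""

WEB_SERVICES = {"http", "https", "80", "443"}
CDN_SUFFIXES = (".akamai.com", ".akamaitechnologies.com")

def parse(text):
    """Return one dict per TCP row; header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue
        if ":" not in parts[1] or ":" not in parts[2]:
            continue
        lport = parts[1].rsplit(":", 1)[1]
        fhost, fport = parts[2].rsplit(":", 1)
        rows.append({"lport": lport, "fhost": fhost.lower(),
                     "fport": fport.lower(), "state": parts[3]})
    return rows

def classify(row):
    """listener = socket waiting for inbound connections;
    outbound-web = high local port talking to a remote web service."""
    if row["state"] == "LISTENING":
        return "listener"
    high_local = row["lport"].isdigit() and int(row["lport"]) >= 1024
    if high_local and row["fport"] in WEB_SERVICES:
        return "outbound-web"
    return "other"

def cdn_web_hosts(text):
    """CDN host names reached by outbound web connections, de-duplicated."""
    return sorted({r["fhost"] for r in parse(text)
                   if classify(r) == "outbound-web"
                   and r["fhost"].endswith(CDN_SUFFIXES)})

def hosts_entries(hosts):
    # The hosts file matches exact names only (no wildcards), so these lines
    # cover just the names observed, not the CDN's other host names.
    return ["127.0.0.1 " + h for h in hosts]

if __name__ == "__main__":
    print("\n".join(hosts_entries(cdn_web_hosts(SAMPLE))))
```

A row classified as `listener` is the kind that deserves a closer look on a workstation; the `outbound-web` rows are client connections of the sort a browser opens while loading a page.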