Akamai dangerous intrusion

Discussion in 'malware problems & news' started by SystemJunkie, Nov 27, 2006.

Thread Status:
Not open for further replies.
  1. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    What are you thinking about this intrusion?

    Internet Speed slows down, Webside take longer time to load, Akamai intrusion is the reason, look at this:

    http://i10.tinypic.com/33lyuix.png

    Must be a superhidden thing.

    I use Unhackme, Process Guard Free, Sygate Firewall, but all of them show nothing special.
     
  2. Meltdown

    Meltdown Registered Member

    Joined:
    Sep 17, 2004
    Posts:
    299
    Location:
    Babylon
    Yep, it's a rootkit. Happy now? :)

    Try searching the forum.
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    So you think it is usual that they open 10 or more ports? Sometimes even 20 Ports.
     
  4. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    I wouldn't jump to conclusions about it being a rootkit. Akamai is also a server for updating some security software. For example, if you have AVG (Or Ewido) Anti-Spyware, if you look at TCPView while it is updating, you'll find it is connecting to the Akamai server. It could be that you had some security software performing automatic updates when all those connections are made. Granted, it could also be some kind of malware, but I doubt it. If you look further at the Wiki article, you'll notice they also update Synmantec Security Software, and complete list of their customers can be found at their website, one of whom is Microsoft itself, and even the White House. Please don't make blanket statements saying something automatically is a rootkit and causing people unnecessary alarm unless you've thoroughly investigated the situation! Also, if you haven't disabled the automatic update features in IE (Not Windows Update, but the mechanism for IE updating itself), it will often use the Akami site to retrieve its own security updates, etc. Akamai is a legitimate business entity that provides services to big-name security companies. Does it make sense for them to jeopardize their business partnerships to install rootkits? I think the answer is fairly obvious.
     
  5. turion

    turion Registered Member

    Joined:
    Apr 5, 2006
    Posts:
    58
    never heard of sarcasm? :shifty:
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    I have following security stuff like this on my system: Nod32, Gdata, SpyCatcher Express, Sygate Frw, but all of them are actually not in Autostart mode only for manual scanning. I mostly notice these massive connections when I go to yahoo webside. Longer time ago, GData found once a script virus from my html cached yahoo mailbox, very strange thing.

    I don´t trust too much this akamai thing, maybe they store lots of webside temporary, probably it´s a usual thing but why to hell they temporarily opened more then 20 iexplore connections to port 80. The strange thing is also that they use ports one after another 1,2,3,4...

    I don´t use automatic Microsoft Update.

    Here is the screens with 25 open Akamai connections, too much in my opinion:

    http://i14.tinypic.com/3ymexyo.png
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    And it it were only 7 connections and not 20, would you be satisfied?
    Mrk
     
  8. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Simple Test, change your browser to Firefox or Opera and connect to the web like you do; i think you might be enlightened.
     
    Last edited: Nov 29, 2006
Thread Status:
Not open for further replies.