Too weird - is Core FTP spyware?

Maria
Posts: 2
Joined: Mon May 28, 2007 4:36 am


Post by Maria »

Hi,

I just started using Core FTP Lite today, and my firewall reports that Core FTP attempts to connect to several different sites, which I did a domain-lookup on, they are:

#1:
deploy.akamaitechnologies.com (the IP/DNS number keeps changing, but a lookup of the numbers always resolves to deploy.akamaitechnologies.com). I did a Google search for deploy.akamaitechnologies.com, and can't see any reason why Core FTP should be attempting to connect to that since I am *not* downloading anything!

#2:
mail.coreftp.com (is this a CALL-HOME thing?)

If *any* of those connections are blocked, Core FTP *refuses* to connect to *my* site's server, with the message "SFTP connection error - Host not found, Can't establish connection" to *my* site! I don't see what deploy.akamaitechnologies.com and mail.coreftp.com have to do with *my* site.

However, if those strange spyware/call-home/whatever connections are allowed, then the connection to my server proceeds as normal.

It seems that each time I quit and restart Core FTP, then try to log onto my server, Core FTP tries to connect to a *different* site - in fact, the mail.coreftp.com site didn't come up until about the 10th restart.

I might be able to tolerate the mail.coreftp.com call-home thing, *but* the deploy.akamaitechnologies.com seems totally unwarranted and unnecessary.

What's going on?

Is it spyware, or ??? I did all the usual anti-spyware and a/v scans and nothing turned up.

Core FTP had previously (quite a while ago) been recommended by one of the pages at my webhost as being a good SFTP app. I was hoping I could use Core FTP, but *not* if it requires accessing sites such as deploy.akamaitechnologies.com when I do *not* need to download anything.

As I already mentioned, it's *not* possible to simply block those sites, because when I block them, then Core FTP won't even connect to *my* site.

I would appreciate any ideas as to what's going on - thanks in advance.

Maria

Post by Maria »

CP wrote:
> I can assure you it's not the Core FTP application that is doing it - there's absolutely no spyware, call-home, or other backdoor techniques in the program.
>
> If you're familiar with netstat, could you post the list of connections? You might be misinterpreting some of them as Core FTP's connections. Or if you can provide the list of connections made with your firewall software, that'd work too.
>
> You could possibly have a virus that attaches itself to other executables and is called on startup.

That sounds reasonable.

Seems that I may owe you an *apology* for my blaming Core FTP for the problem, since a few hours later after I posted, I noticed that *other* internet apps had *also* started showing similar connection attempts to akamaitechnologies.com as well as other sites - even my main browser (and several other browsers) and PocoMail and even Lynx were trying to connect to those sites! This was evident also in viewing the ZoneAlarm Security Suite logs - anytime I connected to the internet, regardless of what app it was, those weird connection attempts appeared.

I'd installed some *other* new software earlier that day (several HTML editors and text editors that I wanted to try out - not freebies or anything, I thought they were well-known and safe but maybe not), but I didn't like any of them and they all got uninstalled (at least, I *thought* they'd all been uninstalled).

The thing is, though, I hadn't dialed up to my ISP yet - I was testing those other apps strictly *offline*.

I'd blamed Core FTP because it was the first app to exhibit that behavior, since I hadn't dialed up to my ISP during all that time when testing those other apps.

So the virus or whatever could have been waiting in the background for me to go online so it could do its thing.

Core FTP just happened to be the first victim to go online, that the virus could, as you said, 'attach itself to.'

Not too long after that I did another antivirus/antispyware scan with the newest ZoneAlarm Security Suite, but ZoneAlarm crashed during a scan (that can't be a good sign). I shut the PC off and started it up again later. I ran a bunch more tests, including the ZoneAlarm scan again (didn't crash that time) but I noticed that the ZoneAlarm *logs* had completely *disappeared* - no trace of any earlier entries - which sounds a bit suspicious since I have it set to hold 300 entries (must be a very clever virus), then I ran AVG Anti-spyware, Lavasoft Ad-aware SE, HijackThis, Spybot Search & Destroy, AVG Anti-Rootkit. None of them found anything, well except the HijackThis log which I have no idea how to interpret correctly.

CP wrote:
> The mail.coreftp.com showing up as a connection out could also suggest that the virus is reading through your email program's list of email addresses and sending out spam to them. Also, connections out to deploy.akamaitechnologies.com might indicate that a virus is simulating clicking on ads from your computer to generate revenue.

Aha - so that's what's going on. Thank you for explaining that. (I'm new to the PC platform and am still learning with a long ways to go it seems)

Right now, I'm posting this from a different computer. (I'll deal with the problematic computer later, I have good backups and I'll probably just format and reinstall, but meanwhile I'm not using it)

CP wrote:
> I'm glad you're posting about it though in case someone is distributing a version of Core FTP that contains spyware. The only two places you should ever download Core FTP from are CoreFTP.com or Download.com.

I'm glad I posted also, otherwise I would have just assumed it was Core FTP, when it might have been (probably was) something else instead. All my PC downloads come from either Download.com or the developers' websites, but some of those *other* apps I installed could have been to blame as mentioned above.

Thanks again for the reply and for helping me to understand what's going on :) and again, my apologies for my jumping to conclusions about Core FTP which is probably innocent.

Maria
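
The per-process connection listing that CP asks for in the quoted reply, as an added example that is not part of the original thread: it parses Windows `netstat -ano` output, groups remote endpoints by owning PID, and lists remote addresses contacted by more than one process. The sample output, its addresses and its PIDs are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows); addresses are
# documentation-range placeholders and the PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1045      198.51.100.20:22       ESTABLISHED     2140
  TCP    192.168.1.10:1051      203.0.113.7:80         ESTABLISHED     3308
  TCP    192.168.1.10:1052      203.0.113.7:80         SYN_SENT        2876
  TCP    192.168.1.10:1053      203.0.113.9:25         SYN_SENT        3308
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     2876
  UDP    0.0.0.0:500            *:*                                    700
"""

def parse_netstat(text):
    """Yield (pid, remote_ip, remote_port, state) for outbound TCP rows."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # headers, UDP rows (no state column), blank lines
        _, _, remote, state, pid = f
        host, _, port = remote.rpartition(":")
        ip = ipaddress.ip_address(host.strip("[]"))
        if state == "LISTENING" or ip.is_loopback or ip.is_unspecified:
            continue  # not an outbound connection to another host
        yield int(pid), str(ip), int(port), state

def connections_by_pid(text):
    """Map each PID to the set of remote (ip, port) endpoints it owns."""
    owners = defaultdict(set)
    for pid, ip, port, _ in parse_netstat(text):
        owners[pid].add((ip, port))
    return dict(owners)

def shared_remotes(text):
    """Remote IPs contacted by more than one process."""
    seen = defaultdict(set)
    for pid, ip, _, _ in parse_netstat(text):
        seen[ip].add(pid)
    return {ip: sorted(pids) for ip, pids in seen.items() if len(pids) > 1}

if __name__ == "__main__":
    for pid, remotes in sorted(connections_by_pid(SAMPLE).items()):
        print(pid, sorted(remotes))
    print("shared:", shared_remotes(SAMPLE))
```

A remote address that appears under several PIDs matches what the second post describes: the connections are not specific to one application. `tasklist` maps each PID to its executable name.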