Ultrasurf Is Malware

Blue,

I don't understand why you are always so mean to me. Why do you give me a warning whenever I say something here? Why do you give it to me only? I can't see any difference b/w my research and CaixFang's investigation to identify the guys behind Ultrasurf (CaixFang, sorry to bring it up, but no offense plz ).

Also, I wonder why you think “Fulan” stuff is OT here? Did you read bonedriven's post? Accord to the post, “Fulan” ARE the guys behind Ultrasurf.

OK, you might be right. Although I still don't agree that it's OT, it seems like I shouldn't have brought “Fulan” stuff up. It just obscured my point.

What I really wanted to say as follows:

I'm very interested in why Steve is being so quiet on this. Since he is always vocal about this kind of topic, I don't think that the threat he is implying here is as trivial as some have indicated here. It must be something bigger, like a organized crime or terrorist conspiracy level of threat. You may laugh at me, but remember: he said it would be jaw-dropping horrible, and, since his company provides VPN service, he should know how paranoid legit VPN users like me, who use a VPN to just surf anonymously,are.

IMO, it's very irresponsible that an expert like him just scared a novice user like me this much (I haven't slept well since I first saw this thread. How may times do I have to say this?), but he wouldn't give anything specific about the threat and has ignored our questions like whether or not we should still be worried even after removing it from our PC or what the nature of the threat is. In case you have missed them, here they are:

Thus, I believe we made our questions as easy to answer as possible.
I don't understand why he keeps ignoring those questions. I’m beginning to suspect that …

kareldjag,
Thanks for your post. That's exactly what I wanted to mention but forgot to.
Like you said, this software has been around quite a while, now. AV vendors has been aware of it for a long time. In fact, many of them used to identify it as malware. However, most of them have removed it from their DBs now, which seems to me that they modified the FPs.
Behavior trying to bypass security restrictions could be a nightmare for network admins and so could be classified malicious but it is beneficial for legit anti-censorship/anonymous web users like those in China.

Nebulus,
Thanks for the info. The report seems to indicate Ultrasurf as malware. But, I'm no expert and I don't know how to read it. Is this result so terrifying that we would drop our jaw? Do you see why Steve cannot discuss it here? How about the results of Tor or JAP? I wish it would be what Steve is suggesting. But, I have a feeling that Steve is suggesting something bigger and I don't think Av vendors are not so incompetent.

 

Steve,
Are you promoting your products after all?
If you care about your and your company's reputation, you had better give us something specific about the threat, Really.
You implied something to scare us off your competitor's product and didn't say anything specific about it.
Plus, you are usually very vocal (even overtalk and don't mind trashing them) when you blast your competitors. Why not this time?
You said you have a lot of proofs, and you said he can't say anything about them for now, months, or even years... Maybe forever, right? Seems like you have nothing!

If you hadn't disclosed the company he belongs to, I wouldn't have taken your accusation against Ultrasurf seriously at all. But, it is the only reason why I'm concerned about Ultrasurf.

Unlike some other users, I care little about things already pointed out here. I use Ultrasulf only because I want to be “nobody” while browsing my frequently visited websites. I care less about gov't agencies as I don't have anything to hide. I don't care very much if they are gathering user's info as I don't store any personal info on my PC, don't do online banking and I use Live CD Linux whenever I need to shop online.
BTW, wasn't Tor originally developed by the US Navy? Wasn't JAP backdoored by the German Police? Have you let WGA stay on your PC while suspecting that it might be sending your personal info back to MS?
Anyway, I don't care if a small number of (minor?) AVs have STILL detected it as malware for the reason I mentioned above.

So, your accusation is the only thing indicating that Ultrasrf might be a threat to me. It is all I have. I think it is very weak. Since you wouldn't give us anything to support the accusation, wouldn't tell us anything specific about what the threat really is,and wouldn't answer our questions at all(We made them really easy to answer. I can imagine not a single reason why you can't), I'm beginning to feel that I might actually nothing and I might fear something that doesn't really exist. It's too weak to ditch such software that has worked great for me for a long time(AFAIC, Ultrasurf works excellent performance wise. I hate to say this, but I'm assuming that it must be better than your product), while I know little about you. Besides, the thing I am relying on to decide to ditch the excellent tool is this week and now you are promoting your products, it looks to me like total … (Oops, I'd better stop here, since a mod seems to have it in for me ).

….....

I want to thank Steve and those responding to my posts in advance (I'm sure that Steve will answer our questions this time ), in case I don't come back and post here again.

I guess this is my last visit here, because, firstly, I realized that I had repeated myself over and over and over again, which has wasted a lot of my (and your?) time and resources of this forum.

The second ,and bigger reason, is because a mod here seems to have it in for me. It's very difficult to stay their forum, if a forum admin or mod hate you(when you are newbie there in particular).
Also,I'm sick and tired of getting a warning whenever I post something here. I don't understand why I'm the only one in this thread who has received a warning. I'm not saying that I think that somebody else also should've gotten a warning. I just feel it's unfair that I've gotten many warnings while anyone else hasn't(, especially when someone has called his competitor “crap”). I don't see any difference b/w my posts and the others.
Plus, It seems that the mod and I cannot communicate with and understand each other well. I really didn't understand why the mod was making such a big deal out of just an additional sentence to express how I was frustrated that Steve was ignoring our questions(, even though he had scared us a lot). The reason why I had to repeat myself over and over again here came from the fear that the mod would misunderstand me again.

I've also seen the word “FUD”used in this forum many times(Actually, I learned the word here), but I had never seen a warning issued for it. So, why can't I use the word as everyone else in this forum does? Why did the mod blame me for using the word in first place. Look at what Steve has done and hasn't done here. Doesn't that exactly fit the definition of the word? Yet, I didn't say that Steve's accusation is “FUD”. I just pointed out to Steve that it would look like it unless he did what I had requested.

I think that's all I wanted to say. I doubt this post will stay up long . I have a feeling that I will be banned soon. So, if I want to come back and post something here again, I might need Ultrasurf.

PS: In case you misunderstand me, I'm not trying to convince you guys that Ultrasurf is not malware or Steve is wrong or anything. In fact, Ultrasurf looks like real malware (I still might want it, as I love to use Chrome, though). I'd just like Steve to give us something concrete about his accusation against Ultrasurf, particularly about what the threat really is, and to answer our questions.

 

Theirs no need to be all paranoid about anything if you used it how your implying in your posts, I think if they were going to steal your passwords they would have already done it, theirs probably 10s of thousands of people using it, but as with any VPN provider, if your using it for illegal purposes, yes you should be paranoid!

But your just a legit user so you shouldn't have anything to worry about!

And no Ultrasurf is not Malware! It simply comes up as a false positive in retarded AV software that always calls False positives!

{Edit - Virustotal snapshot removed as per site policy. Suffice it to note that currently a minority of AV products flag Ultrasurf as malicious and half of those flags are of an "unwanted program" nature - Blue}

 

I saw Warlockz's post before logging off. This is really my last post, sorry.

Warlockz,
Thanks for your reply.

This is exactly what I was trying to say! That's why I still want to use it if the threat Steve is suggesting is what other people have already pointed out here.

 

He said he will post this proof "There is no shortage of proof" is what he said? when it is appropriate, as you see in his quoted message, I wonder whats taking so long?

If you are going to continue using it, just don't use it to log into your important accounts, if the accounts even let you log in wile using it? But you may want to wait, just because nothing happened before, doesn't mean nothing will happen in the future, so just hold your horses, and have a little patients, as he said he was going to post the proof of his accusations when it is appropriate!

Plus he didn't say stop using Ultrasurf and get Xerobank now, he said any alternative is better, so no he is not dissing Ultrasurf to advertise Xerobank!

 

I apologize that I am unable to provide you more information at this time, especially since I am a full-disclosure kind of guy. I continue to stand by what I've said, 100%: uninstall, erase it, do not run it even in a virtual machine. If you know anyone else using it, tell them to do the same. I cannot stress the severity enough. Suitable free substitutes are tor browser, xb browser, jondo browser, torvm, janusvm, xb machine, and you should always use https.

 

When people say things like this, it tends to reinforce my suspicion that there's something else going on than just some little ol' malware that might wreck your drive.

As I said, I've never used a proxy. Comments like the above make me want to just to see what might happen. Maybe I'll be visited by a couple of guys all dressed in black. Steve, no explanation necessary, but if I'm even close to being on the right track, how about just a 'nope' or 'maybe.'

 

Seriously, it seems as though some kind of gag order has come into play in this matter, whats the big secret people don't want us to know about Ultrasurf?

I don't use Ultrasurf, but yes I'm very interested in where this conversation is heading!

 

You and me both, Warlockz. I admit to maybe being too suspicious at times and a conspiracy theorist in some areas.

The fact that SteveTX comes here and says he cannot tell us why Ultrasurf needs to be removed, but it's imperative that anyone using ultrasurf needs to get rid of it like, yesterday. It says (to me) that there probably isn't malware in it. I think you and others have found that to be true.

Well, if there's no malware attached, what's the danger?

 

If this information is accurate (I'm not saying Steve is not telling the truth, just that he might be wrong - we are humans, after all ), then the danger of Ultrasurf is not that it contains malware. From what I saw, and from Anubis analysis, there is no behaviour that would pose any problem when running inside a VM. All that remains is the software's communication with the outside, which can give away information about you, connect with dangerous sites, report your browsing, and so on. That in itself should be reason enough to stop using Ultrasurf, but to be blunt, I don't like when somebody comes and says you shouldn't run a piece of software because (unknown) bad things will happen.

 

Is the Device access, Physical drive 0, NetBios, AFD indicative of malware activity?

 

Physical drive access is somehow related to SMART HDD parameters. Beats me why a piece of software would query a disk for it's SMART params, but I wouldn't qualify it as malware behaviour without more information. NetBIOS and AFD are normal for a program that is accessing and manipulating network params like Ultrasurf if doing. That alone can't be a definitive proof of malware intent.

 

As far as I'm concerned, just the fact that Ultrasurf is hopping through a lot of banks and govt sites is enough to keep me away from it.

It isn't that I don't trust my govt, but I don't trust my government.

Secondly, I don't want some agents of that entity knocking on my door and asking what I was doing snooping around this or that bank, or prowling through this or that Government site.

Finally, no government can be happy with the Internet. There is too much freedom. Part of every govt's function is control. When a billion people can talk and interact, it causes problems. It's similar to fraternizing with the enemy in time of war, and why soldiers are forbidden to do so. If you get to know your enemy, you might not want to fight him. You might realize it's the governments, not the people, who are the real enemies.

So, is there something in Ultrasurf that let's them watch, if they choose, where you go and what you do or say while in proxy? The makers of Ultrasurf seem pretty well funded. Where does the money come from?

 

Just Search UltraSurf is malware on Google. There are now 3 references to the behavior of this proxy. Prevx describes it as a trojan downloader , it obscures , makes changes to your cache & disk. It seems to be extremely dangerous. Trend Micro & Sophos also are calling it out as malware. Do what steve is urging GET RID OF IT. One description is telling it establishes it self as a HoneyPot and seems to transmit what it finds to Governments.

 

Who can you trust if you can't trust Softpedia!

 

Ha! If they are guaranteeing it, I would definitely like to know what you get if they are wrong.

 

Softpedia guarantees just about every software known to the Internets, their nothing but a large Free Downloads Encyclopedia of over 500,000 free and free-to-try software, they base their guarantee on a simple scan with a virus scanner, No they do not go into deep investigation like the users here do!

 

i have been sitting back and watching as you guys argue over whether or not this software is malware or something worse and i personally think it is very reckless and unprofessional for someone like steve to claim that this software is really bad and everyone should stop using it,especially without any proof.and to tell everyone to trust him and give it time and all will be revealed is a load of BS as far as i am concerned cause i have used US off and on for the last 6 months and monitored its behaviour and have never had a problem with it.mind you i would never use a free proxy to access my bank or credit card info but for just basic surfing needs i think it is more than fine.also if you realy want to hide yourself i have found you can run US thru either a pptp vpn or open vpn which would give you further protection in case some govt or group of hackers was trying to use you as part of a botnet or some clandestine conspiracy.who ever runs US would only see the ip of the vpn you are connecting to and to trace that would take a gargantuan effort that most people would not even bother,same goes for most govt's unless they have tied you to terrorism or a massive kiddie porn ring you have nothing to worry about people.and if you are using a free product like US to do illegal things well than you should be worried.honestly if you are going to do illegal stuff on the internet be smarter and always be running multiple proxies and vpn's together.this way it will be very hard for any one person or agency to track you down.

 

Can someone elaborate on this please?

 

That's a mantra I've heard too many times in my life. "If you aren't doing anything wrong, you have nothing to worry about." Usually, it's the Govt saying it, but I'm seeing it used by a lot of people these days.

I don't use proxies. If I did, I'd be using them for a reason, and I wouldn't want anybody seeing where I went - whether a warez site to steal software or music, to harass some person I don't like on a site, or something else.

It's kind of like sitting in your home talking on the phone, but suspecting somebody could be listening in. "Well, as long as you don't talk about anything bad, why should you care.........

It's called the Right to Privacy. It's why governments all over hate things like PGP and similar software. They can't break it. They don't like you, me or anybody else being able to talk to someone else without them being able to know what is said.

 

Enough freaking bickering already people. There are clearly 2 sides here, those who think its dangerous and think everyone should stay away, and those who, without concrete proof, in hand, will continue to believe it's not bad, or cant be any worse, or have nothing to lose.

Draw your lines where you want people, thats fine. But we dont need to argue about it. Providing [incidental] proof to either side makes for a good thread, but the ad nasuem bickering about the same proxy debates really have no value.

Independent of Steve's statement you have some information to look at, and make your own choice. At the least, take his statement out, do some research, and decide for yourself, but dont come back later crying if something does go wrong.

To me it is very clear why Steve will not or cannot say anything, either he is under order not too, or there is an ongoing investigation to which he is a part of or has inside knowledge of, and cannot speak details to jeopardize that.

Ironically, THAT is what bothers me the most, is if Steve has all these details, logs, etc, then how much monitoring is XB doing on their service to see these details...maybe, because of his companies standing, and knowledge in this area he was asked to help and analyze stuff, hopefully outside his network, but my biggest concern is did XB discover something about US via their system, and if so, how much data are the keeping/watching to have found out what US was up to.

I wanted to wait until all the info came out on US to pose that question, but at this point, I'm getting more and more curious, esp if XB is now working in cooperation with LE on this subject, and how are they cooperating in relation to XB's services.....

 

No worries. This issue with ultrasurf is unrelated and doesn't pose the slightest threat to the integrity of xb or it's clients; and nothing could dissuade me from taking action if that were the case.

 

well you see that is of a big concern to me and should be for anyone using xerobank.if you look at the website steve and his company specifally state that they deal 3 alot of 3 letter govt agencies and these contracts with these 3 letter govt agencies are probably worth millions of dolllars and that is why they can afford to offer one month for 1 to all us joeblows.but if one of these 3 leeter agencies goese to steve or xerobank and wants info on some joeblow paying 35/month who do you honestly think xerobank is going to side with.you or a a 3 letter govt agency paying them millions of dollars. i dont know about the rest of you but this is a little too much to just dismiss as coincidence that he and xerobank work so closely with the us govt.
and back to the US thing i myself have been part of several major investigations and if any major investigation into US was going on steve would not even be able to warn us because by doing so he would also be warning the people involved in the investigation and that could seriously jeopardize the feds investigation.they would strictly forbid him or anyone involved in the investigation from talking until charges were laid or they themselves made an anouncement.common sense people, think about it.

 

Steve has talent, knowledge and access. Who wouldn't in his situation, leverage their position to offer a service that fulfills a need for a profit.

Get in where you fit in!

Did they fill in the missing large primes yet?

 

Would this perhaps relate to this Ultrasurf issue ?

http://www.nydailynews.com/news/200...anian_nuke_plot_vaporized_in_the_city_-2.html

My jaw didn't drop, btw.