Blue, I don't understand why you are always so mean to me. Why do you give me a warning whenever I say something here? Why do you give it to me only? I can't see any difference b/w my research and CaixFang's investigation to identify the guys behind Ultrasurf (CaixFang, sorry to bring it up, but no offense plz ). Also, I wonder why you think “Fulan” stuff is OT here? Did you read bonedriven's post? Accord to the post, “Fulan” ARE the guys behind Ultrasurf. OK, you might be right. Although I still don't agree that it's OT, it seems like I shouldn't have brought “Fulan” stuff up. It just obscured my point. What I really wanted to say as follows: I'm very interested in why Steve is being so quiet on this. Since he is always vocal about this kind of topic, I don't think that the threat he is implying here is as trivial as some have indicated here. It must be something bigger, like a organized crime or terrorist conspiracy level of threat. You may laugh at me, but remember: he said it would be jaw-dropping horrible, and, since his company provides VPN service, he should know how paranoid legit VPN users like me, who use a VPN to just surf anonymously,are. IMO, it's very irresponsible that an expert like him just scared a novice user like me this much (I haven't slept well since I first saw this thread. How may times do I have to say this?), but he wouldn't give anything specific about the threat and has ignored our questions like whether or not we should still be worried even after removing it from our PC or what the nature of the threat is. In case you have missed them, here they are: Thus, I believe we made our questions as easy to answer as possible. I don't understand why he keeps ignoring those questions. I’m beginning to suspect that … kareldjag, Thanks for your post. That's exactly what I wanted to mention but forgot to. Like you said, this software has been around quite a while, now. AV vendors has been aware of it for a long time. In fact, many of them used to identify it as malware. However, most of them have removed it from their DBs now, which seems to me that they modified the FPs. Behavior trying to bypass security restrictions could be a nightmare for network admins and so could be classified malicious but it is beneficial for legit anti-censorship/anonymous web users like those in China. Nebulus, Thanks for the info. The report seems to indicate Ultrasurf as malware. But, I'm no expert and I don't know how to read it. Is this result so terrifying that we would drop our jaw? Do you see why Steve cannot discuss it here? How about the results of Tor or JAP? I wish it would be what Steve is suggesting. But, I have a feeling that Steve is suggesting something bigger and I don't think Av vendors are not so incompetent.