Ultrasurf Is Malware

Discussion in 'privacy technology' started by SteveTX, Mar 25, 2009.

Thread Status:
Not open for further replies.
  1. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,614
    Location:
    European Union
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes, I gather that attackers apparently compromised Google and other recent targets through a zero-day IE exploit. However, I gather that they provided poisoned URLs to key users in personalized phishing emails. That was apparently also the case in previous attacks last year. I'm guessing that they identified key users from targets' websites.

    That reminds me of Ultrasurf behavior that Steve described (connecting in the background to various corporate and government sites). I'm not saying that they're connected. Correlations can be dangerous. And even if they are connected, I'm not saying whether Ultrasurf was in on the attack, or was just another victim. FWIW, some previous victims apparently kept quiet.

    Anyway, this isn't about any political beliefs I might have re China. I'm just curious.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Hey Steve, where is your company's little application that can supposedly crack Tor wide open? You said you were going to "release it soon" and this was 6 months ago.

    Tick tock, we're waiting. :rolleyes:
     
  4. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,614
    Location:
    European Union
    LOL, Tor can't be "cracked" open. Its working principle is well known, and so are its design vulnerabilities. It's just Steve trying to scare Tor users, hoping they will start using XB...
     
  5. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Let me get this straight:

    "gather" + "gather" + "apparently" + "guessing" = "reminds me" = "dangerous correlations"

    Honestly, the thing that seems dangerous here is speculation; and that speculation founded only on other speculation founded in turn on more speculation... ad nauseam, is being used as a scare tactic to promote a product.

    For my part, I wonder. If a product has true intrinsic value, and is priced close to that value, why would phony scare tactics be needed to promote the product?

    __
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I find it rather disconcerting that shills for various companies are allowed to use these forums to hawk their products. I have no problem with people wanting to make an honest buck, but this is not the place to do it. The advice given by Steve and people like him is never objective and we end up with threads such as this where a company shill accuses another of being malicious whilst using convenient excuses like "can't reveal how I know" or "you just have to take my word," etc.

    And I find it humorous Steve would use a Tor developer as a source when he incessantly bashes Tor (with no basis, mind you).
     
  7. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    OK, OK. If there's no new evidence, there's nothing to discuss.

    However, evidence for security software being tools of and/or compromised by attackers is always worth discussing, IMHO.

    And BTW, S.B., if you read the articles and reports that I linked to, you'll see that my summary -- which you parodied as "gather" + "gather" + "apparently" + "guessing" -- is hardly at all speculative. What's speculative is any connection with Ultrasurf.

    Also, I'm not promoting XeroBank. I posted to this thread because it's about Ultrasurf, not because Steve started it. If evidence for XeroBank being evil were posted, I'd be exploring that too, for sure.

    Finally, chronomatic, I suspect that you're referring to <http://deanonymizer.com/>. FWIW, I believe that <http://decloak.net/> is more thorough.
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,614
    Location:
    European Union
    What about them? I tested Tor against them, and it was all OK. I don't know about other anonymity providers, so I can't speak for them. What I found amusing is that the test from deanonymizer.com doesn't even start with NoScript active in Firefox :)
     
  9. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    -> hierophant

    That was no parody. "gather", "gather", "apparently", "guessing", and "reminds me", were your words. The repeated and amplified speculation you employed to arrive at your endpoint was downright scary. And with all of that, you arrive at an endpoint of "correlations" you deem to be "dangerous". This is nothing more than a pile of sand on a foundation of sand. Speculation. Nothing more. Nothing less.

    [Edited] To clarify. You have a postulate, and only a postulate. Perhaps there is evidence for your postulate. Perhaps there is proof of your postulate. However, without proof, a postulate remains a postulate, i.e., an assumption without foundation, i.e., speculation. [end edit]
     
    Last edited: Jan 17, 2010
  10. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Congratulations! My XeroBank setup passes both too. If any y'all find one that's tougher, please share it. Re the deanonymizer.com test, did you click on "here" in "The scan will begin in 30 seconds. If it does not, click here to proceed"?
     
  11. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    @S.B.

    What about my summary do you dispute? Has it not been reported that the attackers compromised Google and other recent targets through a zero-day IE exploit? Has it not been reported that they provided poisoned URLs to key users in personalized phishing emails? Was it not reported that previous attacks also employed personalized phishing emails?

    None of that is speculation on my part. And although the sources that I cited may include speculation, I don't believe that any of what I've just recapitulated is speculative. And if it is, I'm open to correction.

    I admit that I'm speculating that attackers identified key users from targets' websites. Or perhaps I read that somewhere. I don't recall. In any case, wouldn't that be a good strategy?

    I also freely admit that any connection to Ultrasurf was pure speculation on my part. I had, and have, no intention of slandering Ultrasurf, and I apologize for anything I've said that's come across that way. I was just asking whether anyone had heard anything. In particular, I was in part poking Steve to see whether recent events might permit him to provide additional evidence for his warnings.

    Also, if any y'all can recommend a better anonymity provider than XeroBank, or point to defects in XeroBank other than spotty customer support, please do. I am actively looking, and you can count on me to share what I find.
     
    Last edited: Jan 17, 2010
  12. S.B.

    S.B. Registered Member

    Joined:
    Jan 20, 2003
    Posts:
    150
    Far as I'm concerned, we're good, and you're good+ (which btw I guess makes me "good-"; since ["good" - "good+" = "good-"] by my calculations). If it were up to me, I'd change the "To err is human..." saying to read, "To err is human, to admit error divine."

    Best regards.

    __
     
    Last edited: Jan 17, 2010
  13. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    @S.B.

    Hey, we're all good. Thanks :)
     
  14. Sam Hell

    Sam Hell Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    44
    Location:
    my desk
    Hi. techsupportalertdotcom recently released an update of favorite security apps. Guess who has top bill on (probably)-best-free-security-list-world in the Privacy/Anonymous Browsing Tools category?

    Is Ultrasurf a communist botnet already poised to take down the West? Or are the US gov and other institutional IPs noticed supporters of Chinese insurrection? And if so, are all users caught up in a big indiscriminate net, all data retained for future misuse as a future bad legislation may allow? Is "To Serve Man" really just a cookbook?

    The answers to these and similar questions are as far above my pay grade as some of the more technical explanations in this thread are above my comprehension. I post this because while I do not always agree with Gizmo's fav freeware picks, personal preferences often being subjective, I'll wager thousands more people go to Gizmo for freeware than come here to spend bleary-eyed hours reading pages-long threads debating the finest nuances of internet security sw. Waning activity on this thread indicates that the general expert consensus on Ultrasurf remains "back away", unless I've missed something. If I have not, has Gizmo perhaps? I know he has friends at Wilders, experts who might give him a heads up on a controversial sw, if not a possibly critical threat, that is listed as highly recommended free sw on his site?

    Just a random thought, such as I may someday learn are probably best kept to myself. But not today.:doubt:

    Regards, S.H.
     
  15. Lazuraz

    Lazuraz Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    2
    I apologize in advance for a mini thread revive if this bothers anyone here.

    I just registered here and I'm familiar with ultracrap and its abilities to infiltrate anything it comes across. But what I'm wondering is (for those of us with personal at-home firewalls) couldn't people have just signed in there, checked the ports/IPs accessing the network and figured out "Well that is NOT good!" Since what I'm understanding from what you are all explaining, you use Ultrasurf, other computers who have used it collaborate with your computer and attack website X, right?

    So what I'm saying/asking is... Why not just check the personal firewall for unknown IPs? That's if you have one and know what you're doing.
     
  16. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Ultrasurf acts by spidering into your browser. If you have told your personal firewall to allow traffic from your browser application without bothering you about it, you will never see the attacks.
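    The point made in the reply above is that a blanket "allow my browser" firewall rule hides any traffic that rides inside the browser process, so the only way to see it is to log every allowed connection and review destinations per process. The following is an added illustration, not code from the thread or from Ultrasurf, of that review step in Python: it takes constructed firewall log records (process, remote address, port; the addresses are RFC 5737 test ranges and the allowlist and fan-out threshold are hypothetical values chosen for the example) and flags a process that connects to many destinations the user never visited.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log, not real firewall output. One tuple per outbound
# connection, as a personal firewall that logs *allowed* connections would
# record it: (process, remote address, remote port).
SAMPLE_LOG = [
    ("firefox.exe", "192.0.2.10", 443),    # the user's webmail
    ("firefox.exe", "192.0.2.10", 443),
    ("firefox.exe", "192.0.2.11", 443),    # a news site the user opened
    ("firefox.exe", "203.0.113.5", 443),   # the user opened none of these
    ("firefox.exe", "203.0.113.6", 80),
    ("firefox.exe", "203.0.113.7", 443),
    ("firefox.exe", "203.0.113.8", 443),
    ("firefox.exe", "203.0.113.9", 8080),
    ("outlook.exe", "192.0.2.20", 993),    # mail client, expected destination
]

# Hypothetical allowlist of destinations the user recognises. In practice it
# would be built from the user's own browsing history or existing rules.
EXPECTED = [ip_network("192.0.2.0/24")]

# Constructed threshold: at or above this many distinct unexpected hosts in
# one review window, a single process is treated as "fanning out".
FANOUT_THRESHOLD = 4


def expected_destination(addr: str) -> bool:
    """True if the remote address falls inside a recognised network."""
    ip = ip_address(addr)
    return any(ip in net for net in EXPECTED)


def review(log):
    """Group connections by process and report the ones worth a second look.

    Returns {process: {"unexpected": [sorted hosts], "fanout": bool}}.
    """
    per_process = defaultdict(set)
    for proc, addr, _port in log:
        per_process[proc].add(addr)

    findings = {}
    for proc, hosts in per_process.items():
        unexpected = sorted(h for h in hosts if not expected_destination(h))
        findings[proc] = {
            "unexpected": unexpected,
            "fanout": len(unexpected) >= FANOUT_THRESHOLD,
        }
    return findings


if __name__ == "__main__":
    for proc, result in review(SAMPLE_LOG).items():
        status = "FAN-OUT" if result["fanout"] else "ok"
        print(f"{proc:12s} {status:8s} unexpected={result['unexpected']}")
```

    The review only works if the firewall is set to log connections it allows, not just the ones it blocks; with a silent per-application allow rule there is nothing to feed into it.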
     
  17. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    Hypothetically speaking, if I ran Ultrasurf in the shadow mode by Shadow Defender, untrusted by DefenseWall, sandboxed by Sandboxie and with a realtime anti-keylogger on my system, would it still be able to do any damage?
     
  18. Lazuraz

    Lazuraz Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    2
    Ah okay good, well I haven't used it at home at all so safe there too. I was just curious considering the amount of times it's been used at our school this year. Every student (or almost every Senior at my High School) had it on their account and I'm guessing that's probably why the PC computers in every room ran so slow.

    Alright, that explains quite a lot to me then. Safe at home, but I don't think my school knows about its actions. :doubt:

    Great work Steve and whoever else helped you. Fantastic investigation.
     
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Absolutely. It turns off SSL certificate checking in your browser and because it makes you depend on its network, it could potentially redirect you to a fake paypal site, bank site, etc. or just simply man-in-the-middle your connection and steal the credentials, then phone home the credentials by way of a covert channel, such as the encrypted google RSS feeds it gets its attack targets from.
     
  20. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,979
    @SteveTX

    Wow didn't know that :shifty:

    How would/does this affect normal browsing if it was installed, but not running/active ?
     
  21. RoamMaster

    RoamMaster Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    50
    I don't understand how anyone can seriously make the statement that bank and military logins are just normal randomized traffic.

    It would be like if someone grabbed my wallet out of my pocket while I'm passing by. Hey, maybe they aren't trying to rob me. Maybe he's just looking for a nice gift idea for his dad :D

    Yeah I'm sure that's it guys :cautious:
     
  22. stlolth

    stlolth Registered Member

    Joined:
    Jun 10, 2010
    Posts:
    2
  23. livre

    livre Registered Member

    Joined:
    Jun 3, 2010
    Posts:
    11
    And the package with evidence?

    I found a site that links to a zip file on this topic; clicking it in Internet Explorer cannot open it.

    Wanted to see what is wrong with... Ultrasurf.

    While not using it, I'm curious.
     
  24. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,327
    Location:
    Here, There and Everywhere
    It's either one of the most well-hidden scams ever with the accusations getting very little serious attention, or truly brilliant programming in circumventing the Great Firewall of China with all the misdirections. Which it is, who knows?
     
  25. lolerosx

    lolerosx Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1
    So Ultrasurf is said to steal your IP and use it for bad stuff.....
    Well Ultrasurf is a proxy, so what if I use a VPN and use Ultrasurf?
    Will Ultrasurf steal the VPN's IP instead of mine?

    Like proxy chaining or something but with a VPN?
     
    Last edited: Jun 14, 2010