Is Ultrtasurf safe to use or not?

Discussion in 'Spyware' started by Jagg, Jun 13, 2011.

  1. Jagg

    Jagg Guest

    Back in 2009 there were some claimns about it being a Chinese gov. trojan
    but it is still avaialbe and there is no new info on it since 2009.

    Malwarebytes and a few others claim it is a trojan but the majority of AV
    does not. All the big names scanners do not detect it as a trojan. It was
    scanned at virus total and got something like 5 postiives out of 41
    scanners. That is not very convincing numbers so what's the real deal with
    UltraSurf? Was it just a competitors smear campaing or what?

    http://www.ultrareach.com/

    http://en.wikipedia.org/wiki/Ultrasurf
     
    Jagg, Jun 13, 2011
    #1
    1. Advertisements

  2. Jagg

    Dustin Guest

    You'd have to be more specific. A logfile sample would be of great value.
    Or, better yet, you should post to the malwarebytes forum. you can find
    it here:

    http://forums.malwarebytes.org/
     
    Dustin, Jun 13, 2011
    #2
    1. Advertisements

  3. Jagg

    Jagg Guest

    I see Softpedia used to host it but no longer do and the same with CNET.
    Either someone has done a good smear camnpaign on it or it really is a
    trojan. I would like to know 100% one way or another. I do have a MBAM log
    file but is it on another PC right now and will post it later. Here are
    some links of interest though and you could dload Ultrasurf and scan it
    yourself because it does warrant investigation due to the fact there are
    probably thousands of people using it with no idea it may be a trojan
    because most AV does not flag it as such.

    http://www.ultrareach.com/usercenter_en.htm

    http://www.how-to-hide-ip.info/2009/01/12/is-ultrasurf-a-trojan/

    http://www.rosoftdownload.com/download/windows/ultrasurf/
    "RoSoftDownload.com team has tested UltraSurf against viruses, spyware,
    adware, trojan, backdoors and was found to be 100% clean of any form of
    malware..
    Our editors will test this application periodically to assure that it
    remains clean.
    Click the link below to view the entire antivirus report."

    http://www.wilderssecurity.com/showthread.php?t=288844
    "I have been using UltraSurf for years and never had a problem. Recently,
    NOD32 reports it as :

    UltraSurf 10.04.exe - a variant of Win32/Packed.Themida potentially
    unwanted application

    I have sent it for analysis but that doesn't help my case.

    Can someone confirm what is this?

    Answer is NO. It is packed with Themida software. Actually Themida is a
    software protection product designed to prevent software from being
    "cracked" and does use encryption, therefore, is very difficult for any
    anti-virus to confirm one way or another if its malware.

    Un-fortunately, Themida is highly used by virus writers, keylogger writers,
    etc., to conceal their malware. That is why Anti-Virus vendors detect
    Themida packed application as PUA. You have to be sure if the application
    packed with Themida is legit application or actually a malware. If you are
    absolutely sure that packed application is legit then go for it else keep
    one hand distance from that application."

    http://www.wilderssecurity.com/showthread.php?t=237184&highlight=UltraSurf
    "As many of you are aware, there was a thread about dissecting Ultrasurf.
    We found significant malware behavior, and worst of all we found that
    ultrasurf promotes man in the middle attacks by allowing any ssl cert, even
    mismatched and self-signed certs and preventing the user from seeing a
    popup about it.

    Ultrasurf is designed to be a free http proxy tool, and it is somewhat, but
    this is a cover for it to be a virus / malware that is nearly stealth and
    undetectable to normal virus scanners because of it's heuristic avoidance
    and encrypted payloads.

    At this time we recommend everyone to delete ultrasurf and download a free
    copy of VBA32 antivirus which will correctly identify it, as all other
    antivirus software does not."
     
    Jagg, Jun 13, 2011
    #3

  4. Apparently this is grey area software. An annonymizing proxy client that has been used
    maliciously (to what extent I do not know).

    http://www.virustotal.com/file-scan/report.html?id=977ad551cf91339042406eccbed808a0ebe0f693f82e0dd90ea266430d772198-1307934742
     
    David H. Lipman, Jun 13, 2011
    #4
  5. Jagg

    Jagg Guest

    and this...

    http://www.threatexpert.com/reports.aspx?find=ultrasurf&x=11&y=9
     
    Jagg, Jun 13, 2011
    #5
  6. Jagg

    Jagg Guest


    After further investigation I see the same app can be found using a couple
    of program names too so I guess I should treat it with suspicion but I have
    found plenty of posts that claim it is not malicious too and just looks
    that way because of how it works.

    How about your-freedom?

    https://www.your-freedom.net/index.php?id=home
     
    Jagg, Jun 13, 2011
    #6
  7. Sorry, I don't make policies.
     
    David H. Lipman, Jun 14, 2011
    #7
  8. Drop me an email and I'll give you another option. Just remove ~nospam~.
     
    David H. Lipman, Jun 14, 2011
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.