I scanned over the discussion thread and the claim that it has malicious behavior is still disputed. Most of what I summarize here has already been said in previous comments.

SteveTX voiced the following major issues with the software:

1. The software connects to websites of financial and government institutions, and uses your PC for attacks against them.
2. It disables SSL certificate checks and allows man-in-the-middle attacks, allegedly stealing authentication credentials.
3. It hooks into the web browser to disguise its behavior, and uses sophisticated compression to hide program components.

The relevant posts are:

http://www.wilderssecurity.com/showpost.php?p=1514487&postcount=106
http://www.wilderssecurity.com/showpost.php?p=1516779&postcount=134

To me it seems that there is suspicious behavior but no real proof for the claims that it is actually used as a botnet to carry out attacks. In the second post (134) SteveTX actually limits his accusations to pointing out the suspicious behavior, more or less admitting that there is no proof for the alleged malicious behavior.

Looking at Venom88's link to Virus Total shows that only two of the major antivirus vendors flag UltraSurf as malicious. NOD32 explicitly identifies it as Win32/UltraReach; McAfee seems to detect it only through its heuristic engine - maybe finding the runtime compression suspicious.

I personally can't make a decision based on these statements. It seems that UltraSurf is a rather sophisticated piece of software, and neither side can bring sufficient proof in its favor or agains