How to hide ip: Developer Denies Ultrasurf Is Malicious


Posted: 29 Aug 2009 12:18 AM PDT

Over the last months, rumors that Ultrasurf is malware grew stronger and stronger. Now a developer from the Ultrareach team has explained Ultrasurf's strange behavior.

Ultrasurf is a proxy tool that hides the user's IP address and masks where traffic is being sent to and received from. Its main goal was to keep the Chinese government's Internet filters from detecting forbidden communication.

Lately, Ultrasurf was suspected of being a trojan because of its strange behavior and the traffic it sends to different locations. On Wilders Security Forum, SteveTX, a member of the XeroBank team, explained in detail what Ultrasurf does and concluded:

UltraSurf and Gtunnel and likely all products put out by the Global Internet Freedom Consortium / Internet, are in fact secret trojans. They give you a 1-hop proxy but use your system to launch attacks against financial institutions, government and energy websites, education, etc. Now here is the scary thing, if you are logged into one of these domains, like your bank, then they can get access to your authenticated session / cookie and potentially break right into your account, THROUGH YOUR OWN COMPUTER.

Last month, at the Black Hat security conference, Kyle Williams, security director of XeroBank, said that UltraSurf automatically attempts to make HTTPS encrypted connections to servers unrelated to the UltraSurf proxy network.

"How does it know I got an invalid server if the traffic is really end-to-end encrypted?" Williams says. He also noted these odd behaviors:

  • When the client appears to connect to an IP address within a private network, it probes sequentially close IP addresses as well.
  • When an UltraSurf client seeks a non-existent URL via HTTPS, it receives a response from an UltraSurf server.
  • UltraSurf taps a Google Reader RSS feed for updates that Williams interprets as lists of targets for the software to probe.
  • Commercial anti-virus software detects UltraSurf as a Trojan.

David Tian, a scientist for NASA who works on UltraSurf in his spare time, addressed each behavior, but the main idea was that UltraSurf does an ever-changing variety of strange things in order to fool the Great Firewall of China. The response from UltraSurf servers to attempts to reach non-existent URLs is a notification sent back by the proxy network. UltraSurf proxies all communication, including SSL, so any response will come from a proxy.

This is done because Chinese authorities monitor UltraSurf carefully and try to identify signatures that can be used to set filters, so the software sends out useless traffic as noise that makes the legitimate traffic difficult to characterize.

UltraSurf programmers play a cat-and-mouse game with Chinese censors trying to block its traffic, so the team working on it has to continually alter its methods to adapt to each innovation in the Great Firewall, Tian says. "We have a great understanding of the Great Firewall and how to defeat it."

[Via NetworkWorld]
