How to hide ip: Developer Denies Ultrasurf Is Malicious

---

Developer Denies Ultrasurf Is Malicious Posted: 29 Aug 2009 12:18 AM PDT During last months rumors regarding Ultrasurf being a malware got stronger and stronger. Now, a developer from Ultrareach team explained the Ultrasurf strange behavior. Ultrasurf is a proxy tool that is used to hide the IP address and masks where traffic is being sent to and received from. The main goal of Ultrasurf was to keep the Chinese government's Internet filters from detecting forbidden communication. Lately, Ultrasurf was suspected to be a trojan due to its strange bevior and traffic sent to different locations. On Wilders Security Forum, SteveTX, member of XeroBank team, explained in detail what Ultrasur does and concluded: UltraSurf and Gtunnel and likely all products put out by the Global Internet Freedom Consortium / Internet Freedom.org, are infact secret trojans. They give you a 1-hop proxy but use your system to launch attacks against financial institutions, government and energy websites, education, etc. Now here is the scary thing, if you are logged into one of these domains, like your bank, then they can get access to your authenticated session / cookie and potentially break right into your account, THROUGH YOUR OWN COMPUTER. Last month, at the Black Hat security conference, Kyle Williams, security director of XeroBank, said that UltraSurf automatically attempts to make HTTPS encrypted connections to servers unrelated to the UltraSurf proxy network. "How does it know I got an invalid server if the traffic is really end-to-end encrypted?" Williams says. He also noted these odd behaviors: When the client appears to connect to an IP address within a private network, it probes sequentially close IP addresses as well. When an UltraSurf client seeks a non-existent URL via HTTPS, it receives a response from an UltraSurf server UltraSurf taps a Google Reader RSS feed for updates that Williams interprets as lists of targets for the software to probe. Commercial anti-virus software detects UltraSurf as a Trojan. David Tian, a scientist for NASA who works spare-time on UltraSurf, addressed each behavior, but the main idea was that UltraSurf does an ever-changing variety of strange things in order to fool the Great Firewall of China. The response from UltraSurf servers to attempts to reach non-existent URLs is due to the proxy network sending back a notification. It proxies all the communication including SSL so any response will be from a proxy. This is done due to the fact that Chinese authorities monitor UltraSurf carefully and try to identify signatures that can be used to set filters, so the software sends out useless traffic to make noise that makes it difficult to characterize the legitimate traffic. UltraSurf programmers play a cat-and-mouse game with Chinese censors trying to block its traffic, so the team working on it has to continually alter its methods to adapt to each innovation in the Great Firewall, Tian says. "We have a great understanding of the Great Firewall and how to defeat it." [Via NetworkWorld] Post from: How to hide ip Developer Denies Ultrasurf Is Malicious Stumble upon something good? Share it on StumbleUpon Tweet This! Share this on del.icio.us Share this on Facebook Share this on Mixx Post this to MySpace Share this on Reddit Share this on Technorati Related Posts: Q&A: Will UltraSurf influence my firewall protection against malware negatively? Ultrasurf 9.5 with “Green Tsunami” released UltraSurf – Ultra Easy To Hide Your IP

You are subscribed to email updates from How to hide your ip To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google Inc., 20 West Kinzie, Chicago IL USA 60610