ultrareach.comは安全ですか？

***** On Trojaner-Board, a user has tested UltraSurf with several anti-virus tools and it seems that UltraSurf is also seen as a threat by: CAT-QuickHeal 10.00 - (Suspicious) – DNAScan F-Secure ***** - Backdoor.Win32.Agent.uwi Kaspersky ***** - Backdoor.Win32.Agent.uwi Prevx1 V2 - Malware Downloader *****

Their program contains malware: See these articles in french: ***** ***** They also update their trojan to evade detection by antiviruses. This is a shady firm. Do not trust it.

This site may infect your computer. Blacklisted by ***** Refer: ***** If you find any discrepancy with my rating/comment or want me to re-review your site, just leave me a Board message: *****

it seems this software actually spies on you and does a lot of things it doesn't say it does. Observation of UltraSurf at work reveals that it also automatically attempts to make HTTPS encrypted connections to unrelated servers, says Kyle Williams, security director of XeroBank, an Internet privacy vendor, who has researched the software. Among the sites it has probed without user intervention is acquisitions.army.mil, he says, a U.S. Army URL UltraReach hasn't responded to a request left at its Web site for an interview about the software. UltraSurf does some other puzzling things. For instance, if one of the HTTPS requests hits an invalid URL, the request is redirected to UltraSurf’s page. “How does it know I got an invalid server if the traffic is really end-to-end encrypted?” Williams says. UltraSurf has an auto-update feature that uses Google Reader RSS feeds to receive a Google Docs URL where it downloads encrypted payloads. Williams says he thinks the payloads are lists of target addresses for the software to probe. UltraSurf doesn’t launch any attacks, but seems to be doing Internet reconnaissance, Williams says. Reconnaissance traffic sent by earlier versions of the software had Trojans attached that set off alerts from mainstream anti-virus software. Wilders security points out They give you a 1-hop proxy but use your system to launch attacks against financial institutions, government and energy websites, education, etc. Now here is the scary thing, if you are logged into one of these domains, like your bank, then they can get access to your authenticated session / cookie and potentially break right into your account, THROUGH YOUR OWN COMPUTER. It gets better, any site you visit using the program, the turn off SSL cert checking so they can perform MITM and watch your entire session and logins. It is also capable of auto-updating, and spiders into your system when you install it, capturing not only IE but now Firefox and DNS and most other traffic. So everything you are doing, they have access to and may be logging and using against you.