For those that aren't familiar with Ultrasurf, the below is taken from their website:
Privacy
Protect Internet privacy with anonymous surfing and browsing -- hide IP addresses and locations, clean browsing history, cookies & more ...
Security
Completely transparent data transfer and high level encryption of the content allow you to surf the web with high security.
Freedom
UltraSurf allows you to overcome the censorship and blockage on the Internet. You can browse any website freely, so as to obtain true information from the free world.
This is mostly used in countries where internet censorship is still big, China, for instance. What they don't tell you is that they certainly do all that they say, but they also come along for the ride. The below information was released at Black Hat '09, a security convention held every year in Las Vegas, summed up by one of the people who spoke on the matter (link to his original post below):
"UltraSurf and Gtunnel and likely all products put out by the Global Internet Freedom Consortium / Internet Freedom.org, are infact secret trojans. They give you a 1-hop proxy but use your system to launch attacks against financial institutions, government and energy websites, education, etc. Now here is the scary thing, if you are logged into one of these domains, like your bank, then they can get access to your authenticated session / cookie and potentially break right into your account, THROUGH YOUR OWN COMPUTER.
Imagine if someone with a sensitive US position used ultrasurf. Suddenly their military login has been compromised. Not likely? They've been around twice as long as tor, and this exact thing happened on tor last year (see dan egerstadt).
It gets better, any site you visit using the program, the turn off SSL cert checking so they can perform MITM and watch your entire session and logins. It is also capable of auto-updating, and spiders into your system when you install it, capturing not only IE but now Firefox and DNS and most other traffic. So everything you are doing, they have access to and may be logging and using against you.
GIFC / Internet Freedom org are a huge scam. They are likely run by by a private chinese intelligence firm to monitor dissidents and us citizens while attacking critical infrastructure in the USA and Taiwan. They have fooled everyone for nearly a decade, and are seeking a $40m grant as an internet anti-censorship software.
We have proof, wireshark logs, video, live audit, and a list of their attack patterns. Special thanks to Moxie Marlinspike for assistance."
and in another post:
"I don't know about the particular behavior, but from what we have seen it is insidious: when you move, it moves. When you don't, it doesn't. That way it's evil behaviors go undetected and you only get notices that would coincide with things you are already doing on your computer. fun fact: when you run Ultrasurf it spiders into your system; check your reg settings, when you close the program it removes the evil traffic-capturing entries it made, leaving no trace. evil evil. very well written."
http://www.wilderssecurity.com/showthread.php?s=e9453864d890aeeca63b54b0b5f48d8e&t=237184&page=5
So what does this mean? If you've been using it or even if you have it installed, delete it. Most people who've used it, I imagine, are safe. But delete it, and quick! If you want to see the proof he mentions there's a download link in his post. This is as of August 30th, so it's not likely to be well documented anywhere yet, especially for as popular (and renowned) as Ultrasurf is. Scary stuff!
