From: Virus Guy on 13 Dec 2009 22:11

Here's another anonymous web-surfing app that looks suspicious at VT:

http://www.ultrareach.com/index_en.htm

hxxp://www.ultrareach.com/downloads/ultrasurf/u98.zip

6 hits at VT:

CAT-QuickHeal (Suspicious) - DNAScan
Comodo Heur.Pck.EXECryptor
McAfee+Artemis Artemis!D446A55E30E2
McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.C
PCTools Packed/Execryptor
VirusBuster Packed/Execryptor

Actual malware? Or fp?
From: FromTheRafters on 13 Dec 2009 22:16

"Virus Guy" <Virus(a)Guy.com> wrote in message news:4B25ACCE.14E7A147(a)Guy.com...
> Here's another anonymous web-surfing app that looks suspicious at VT:
>
> http://www.ultrareach.com/index_en.htm
>
> hxxp://www.ultrareach.com/downloads/ultrasurf/u98.zip
>
> 6 hits at VT:
>
> CAT-QuickHeal (Suspicious) - DNAScan
> Comodo Heur.Pck.EXECryptor
> McAfee+Artemis Artemis!D446A55E30E2
> McAfee-GW-Edition Heuristic.LooksLike.Win32.SuspiciousPE.C
> PCTools Packed/Execryptor
> VirusBuster Packed/Execryptor
>
> Actual malware? Or fp?

Did you unzip it and submit the exe?
From: Virus Guy on 13 Dec 2009 22:37

Ultrasurf and Freegate are sometimes mentioned together as software designed to allow users to get around web-surfing and blocking strategies as performed by some countries (China, various Arab countries, etc).

http://en.wikipedia.org/wiki/Freegate

It seems that this is a grey area for AV/AM software. On one hand, you want to detect legit threats. On the other, you want to help thwart web-censorship by not flagging this software that does some very peculiar and suspicious things.

It's not clear to me that this software will do what I'm looking for - which is to view rights-restricted streaming / multimedia content across certain national borders...

If this is true - that most of this category of software is _really_ designed to get around the "great firewall of china", would it, say, allow someone in China to access and watch Hulu videos? Or just allow them to access the New York Times or CNN.com or the BBC?
From: Virus Guy on 14 Dec 2009 09:33

FromTheRafters wrote:

> Thanks for the additional info.
>
> In my opinion, this is neither malware nor a false positive.

Some additional material here:

http://www.wilderssecurity.com/showthread.php?t=237184

How can a piece of software evade exact analysis and categorization by so many people?

Note particularly the comments made by SteveTX (he started the thread).
From: FromTheRafters on 14 Dec 2009 11:19

"Virus Guy" <Virus(a)Guy.com> wrote in message news:4B264CAE.D4542B57(a)Guy.com...
> FromTheRafters wrote:
>
>> Thanks for the additional info.
>>
>> In my opinion, this is neither malware nor a false positive.
>
> Some additional material here:
>
> http://www.wilderssecurity.com/showthread.php?t=237184
>
> How can a piece of software evade exact analysis and categorization by
> so many people?
>
> Note particularly the comments made by SteveTX (he started the
> thread).

Aside from them not knowing what a virus is, Steve may be adhering to responsible disclosure in his refusal to comment further. Rootkits (and even keyloggers) can be either bad or good, and this may land in a grey area - but there has not been a virus yet that didn't land pretty squarely in the malware category.

If the running of that software meant that an unintentional vulnerability exists on the host system, it would be a good recommendation to remove the software even if it *is* grey area software and not strictly malware.