Copied from AVSIM:
SquawkWin: The Community's First Trojan Horse?
A Joint Investigation
Matt Johnson, Technology Manager, AVSIM Online; Mike Evans, Developer, ASRC; Richard Critz, VP Development, VATSIM
On Saturday, 31st July, the online ATC world was greeted by the sudden and unannounced release of SquawkWin, a new "pilot client" for online ATC networks such as VATSIM and IVAO. The developers made vague claims on their site regarding authorization to use the client on those networks, and therefore many pilots, keen to try out new software, took the plunge and downloaded.
Later the same day, both VATSIM and IVAO clarified that neither network had approved the software, and that its use on their networks would be grounds for suspension until the software had been checked by each network's respective development group for compatibility and security. This clear statement by both networks would turn out to be unusually prescient.
The developers, known only as "The SunTeam" -- with no "real" names visible anywhere on their site -- later updated their site to indicate this lack of approval, and then posted an aggressive message, essentially stating that the software would imitate the authorized SquawkBox 2.3Beta client to the extent that supervisors on neither network would be able to tell the difference. This act alone would be enough to raise suspicion.
Our interest was piqued by this message, particularly when the authors claimed that "hundreds of people" had logged into networks successfully without problems. We wondered exactly how they knew this for a fact, and reached the conclusion that perhaps the software was talking back to the developers.
On Sunday, our suspicion was confirmed when reports on the SquawkWin forums indicated that the software featured a "version check" to notify users of an upgrade. In itself, this is perfectly normal and acceptable behavior -- but still didn't entirely add up to the developers' confidence in the software's compatibility and stability. Based on these unanswered questions, we decided to carry out some tests to reassure us that the software was behaving within the bounds of reason. This took place yesterday afternoon and evening -- and the ultimate results of this, as you are well aware, are now obvious.
Using two pieces of software which capture network traffic -- WinPcap and Ethereal -- we set up several tests to see exactly what SquawkWin does while it runs. These tests were carried out on a development server, not connected to either VATSIM or IVAO, and using fake certificate information unassociated with either network. We present our "source data" -- the results of our tests -- along with our conclusions, in order to ensure that the process we undertook is entirely transparent.
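The test setup described in the article (an isolated server, fake login data, a packet capture) comes down to two checks: which hosts the client talks to, and whether the fake data turns up in traffic to any of them. The following is an added example, not part of the original article or its source data; the addresses, the canary string and the sample packets are constructed assumptions.

```python
import socket
import struct

TEST_SERVER = "10.0.0.5"      # assumed address of the isolated development server
CANARY = b"FAKE-CID-000000"   # assumed fake login data, used only in the lab


def build_pcap(packets):
    """Build a classic pcap (Ethernet) from (src, dst, dport, payload) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst, dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


def audit(pcap, allowed, canary):
    """Return (dst, dport, canary_seen) for each TCP/IPv4 packet sent outside `allowed`."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    findings, off = [], 24                     # records start after the 24-byte header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # keep only IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue                           # truncated TCP header
        dst = socket.inet_ntoa(frame[30:34])
        dport = struct.unpack_from("!H", tcp, 2)[0]
        payload = tcp[(tcp[12] >> 4) * 4:]
        if dst not in allowed:
            findings.append((dst, dport, canary in payload))
    return findings


# Constructed capture: one expected login, two packets to an unlisted host.
SAMPLE = build_pcap([
    ("10.0.0.20", TEST_SERVER, 6809, b"login " + CANARY),
    ("10.0.0.20", "203.0.113.7", 80, b"GET /version HTTP/1.0\r\n\r\n"),
    ("10.0.0.20", "203.0.113.7", 80, b"user=" + CANARY),
])

if __name__ == "__main__":
    for dst, dport, leaked in audit(SAMPLE, {TEST_SERVER}, CANARY):
        print(dst, dport, "CANARY LEAKED" if leaked else "unexpected destination")
```

Because the login data is fake and used nowhere else, any appearance of it in traffic to a host outside the allowlist can only have come from the client under test.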