Return of Porn-Fetching YapBrowser Raises Eyebrows

By Ryan Naraine  |  Posted 2006-06-01

A rogue Web browser, pulled offline after security researchers discovered it was serving up child porn advertising, has suddenly reappeared with a peculiar twist.

A rogue Web browser that was removed from the Internet after security researchers found it was serving up child porn advertising has suddenly reappeared, with a peculiar twist.

The YapBrowser, also known as YapSearch or YapCash, now comes with an odd claim that users can expect protection from harmful exploits and viruses.

The site hosting the browser download originates from Russia and includes an "adult version" that lets users search for and browse pornography-themed content for free.

The site even offers a "100% guarantee" that no malicious system infection will occur when using the software, but security researchers tracking the seedier side of the Internet have flagged YapBrowser as a serious threat to computer users.

"We do not recommend the software given the highly debatable history behind it. I suggest users steer clear," said Wayne Porter, a researcher at FaceTime Security Labs, an IM security firm.

The first sign of YapBrowser trouble came in April 2006 when malware researchers discovered that the browser was serving up spyware and underage porn advertising.

YapBrowser, which carries a not-safe-for-surfing red "X" warning from McAfee's site adviser rating service, has also been linked to Web-based exploits, page hijacks and keystroke loggers.

According to FaceTime's Porter, the main executable that's currently available for download is the same as the earlier file. He said the software is currently not working properly and is serving up 404 error pages on every URL entered.

The link to the adult version download is also not active, suggesting that it is currently being tested for eventual distribution.

McAfee flags YapBrowser as a "potentially unwanted program" that directs the user to use the search portal.

It appears that YapBrowser is primarily a front-end for an IE HTML rendering engine that uses commercial links to push users to other shopping search portals.

"When selecting any link in the results lists from, a new full instance of IE was launched to display the contents. Several redirections occurred when selecting any of these links, and it appears likely that a primary function of the software is gaining clickthrough commissions for referrals to the sites listed in the results," McAfee said in an advisory.

Upon installation, the program creates a shortcut in the Start Menu Startup folder to ensure the program is launched at each system boot, McAfee said. The company also confirmed that the software is associated with "pornographic material" when the user tries to enter specific URLs or search terms into the address bar.

"The application does display a license agreement when installed. The license is sparse and rendered in poor/incorrect English. The agreement does not clearly indicate the functionality of the software," according to McAfee's advisory.

The first iteration of YapBrowser was bundling the Zango adware program that is distributed by 180Solutions, a Bellevue, Wash., online marketing firm. 180Solutions has since severed ties with YapBrowser after the child porn discovery was made.

Officials at YapBrowser did not respond to e-mail requests for comment.
