Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Return of Porn-Fetching YapBrowser Raises Eyebrows



 By: Ryan Naraine
2006-06-01
Article Rating:starstarstarstarstar / 4


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A rogue Web browser, pulled offline after security researchers discovered it was serving up child porn advertising, has suddenly reappeared with a peculiar twist.

A rogue Web browser that was removed from the Internet after security researchers found it was serving up child porn advertising has suddenly reappeared, with a peculiar twist.

The YapBrowser, also known as YapSearch or YapCash, now comes with an odd claim that users can expect protection from harmful exploits and viruses.

The site hosting the browser download originates from Russia and includes an "adult version" that lets users search for and browse pornography-themed content for free.

The site even offers a "100% guarantee" that no malicious system infection will occur when using the software, but security researchers tracking the seedier side of the Internet have flagged YapBrowser as a serious threat to computer users.

"We do not recommend the software given the highly debatable history behind it. I suggest users steer clear," said Wayne Porter, a researcher at FaceTime Security Labs, an IM security firm.

Read more here about a new IM worm that pretends to be a "safety" browser.

The first sign of YapBrowser trouble came in April 2006 when malware researchers discovered that the browser was serving up spyware and underage porn advertising.

Resource Library:

YapBrowser, which carries a not-safe-for-surfing red "X" warning from McAfees site adviser rating service, has also been linked to Web-based exploits, page hijacks and keystroke loggers.

According to FaceTimes Porter, the main executable thats currently available for download is the same as the earlier file.

He said the software is currently not working properly and is serving up 404 error pages on every URL entered.

The link to the adult version download is also not active, suggesting that it is currently being tested for eventual distribution.

McAfee flags YapBrowser as a "potentially unwanted program" that directs the user to use the yapsearch.com search portal.

It appears that YapBrowser is primarily a front-end for an IE HTML rendering engine that uses commercial links to push users to other shopping search portals.

"When selecting any link in the results lists from yapsearch.com, a new full instance of IE was launched to display the contents. Several redirections occurred when selecting any of these links, and it appears likely that a primary function of the software is gaining clickthrough commissions for referrals to the sites listed in the results," McAfee said in an advisory.

Click here to read more about a warning from Microsoft that recovery from malware is becoming impossible.

Upon installation, the program creates a shortcut in the Start Menu Startup folder to ensure the program is launched at each system boot, McAfee said.

The company also confirmed that the software is associated with "pornographic material" when the user tries to enter specific URLs or search terms into the address bar.

"The application does display a license agreement when installed. The license is sparse and rendered in poor/incorrect English. The agreement does not clearly indicate the functionality of the software," according to McAfees advisory.

The first iteration of YapBrowser was bundling the Zango adware program that is distributed 180Solutions, a Bellevue, Wash., online marketing firm.

180Solutions has since severed ties with YapBrowser after the child porn discovery was made.

Officials at YapBrowser did not respond to e-mail requests for comment.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Return of Porn-Fetching YapBrowser Raises Eyebrows
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}is㶲*Qg5E=ҔlcXI*EBc!)/˟_n?~M %yL'cKX@h4{$ W7-gL:9)ٟG,zIj}ݻ@BezNULsJԶnL7n[c3P/a᳙,Q :':@PL5uΚ}ٚc7h2 X -$(kzZ'jZwmZ P8$H.( fwm<"ay# $aT$Nuol9 QY !)*Jd/B(?F#s?9CvN5{Ѐk`Vl m׸ڮEX'/[vkx!BP!"B\ςݻHͤq@ؓIuhmUb'Өbb#Q^]õ]&\./RF͌eCwtSz3]gԏ 1l{`2E9$7 \j?yfOlˇqtR8N8CYnհ}=-:ԍ۱=$f]Ԓ],r,U)0wS'&>dRrpXdQ=}9e̛V4öۼCٰo4TiUE9*TR9Eo[¥̝ w֨n~wUMSZw>ʑGA nkp[J^׵VOY\v?.. N6Nַ߈ QT"*rp4MI 1q${/@BRM7JQߨ+ZVH+(H.##I-LcyO`%pbQUrnOgSKߺnZ:9?nΐ|bP+Mz(#1hgxg_-:nNo/9nڗݛ9^֧Iٝ{N4Aqs j__[r\?-mz 6l M u ô|WVK5IͽGb{|"j]}ퟒ;;Beu#$7R(y30si2)>ML9X@.@ש#04ǯhVj5V0-Mn "d4 ]=w a6zALt:H)=?&Țb.L2o<|)m̗U.d`(AK/g- 5f:]R$y3DDȝ g3E94>BzBp4<01FpJn.b? [ʚ&g񇰻feY%YWaMozgfu.~z,qH,0U`A). Ƹ:*o:jr-VdzTJMU~ X8ʕ??1n!SGñA 3&M:vy0;}JӧԴPwDjh|჎(>ʋCQsi[nL,@sՇu4A>;G޺zN unY҇@&!1ԟsZ TP"wC hA'r=kJׇ.[?? ; G`r]; hk =DVt#X` V<2+?>fn@ }SȀ|`@=XS9nвAc@] #RRP$S$I#r*B1l`@n%G [AXk bR .:ҶBICzn)}T[h+\KBAfkf(2{~4 cfBd '"Xr`Y \+|)l V.hiȨs0=cWV+*Z ңF +%x[,9<:79`M?bf;. %=*,Â_ 9fѺ%C&==-f ˛mKRԛ0M,$kp?:2` M l$)f Df)Կ ;7u9܆v\,_zv?Gs.EeKJ/NM)Hj`>JnX2W/h~W.Y 3DXVHdGf!d! =a \oPȭ,T)s^IYe䖅T_9eYX᎑tXMڠ~w ,Vd0q6NI Shh8E/C4jM;24ʭD֒f]X]۽@r6ҁviZZ @-Ŀei m-VX5QW0:4)i ŠiYlcy1Cuz ^IZRеہ`,YNܛwXUM.R?>2ai[F6oՒh#Mb1}vn g&ApGN͔: IJ|x|ꝸ3@kRDz3OD:}:ЙNтP l1N)̕>A XXfThjUV, -"|7@( ˖X ㌡ҵ3Kw7MeוּJM!bFh>nG[a@r0ဉNgT3aAKY6 }~\>tļZB_`՚o&rI)j$`/#[ݵ A ;rm۽ s~, bjt,g@AaRo5>  T#!E+LTBYah]s6/|}xN`'\sS&TJ}#Nݡe-m*IH-b]Pr(SDZ7AaeL䱯Yx@MY 1H$6/`k :@0 !/PTQ-W/#Ƃ]L]LU)TO"nʻhC{-h]>,,l@ODJQcG=<&Cf+DŜU^Vw$JPVbtxѡUT9*J8;s??]ex$? rF@W}qk`~62Msg673tx+ߙ#ۼagF]H?`ײ. _kObYGY hO7`sk'iF&:DV0! P"h[eejڳVU;NP(;w>k-}4{J[$XDλԲ'**b56> PGG=W֌H+ c5}u2*ZW}ZAYYr:ix29S5Nkqv #ָY[љ#Wh xQ IR~gZɲ gy>cIR|5y->p7lj%O@(<Z\"h gZG:;Jp qa_QVJ dDfbNg• k*w׍sPUSyr=ïJUP5֬u 2 \S 1|&Uc3~zimaNAyk2$@ dѮ9+ NPƫWrV>Xk5VZ>:lu''ܫ rõn7>;" ۝'gXvJ85mv֩rZgP*HA:er,×~51t&X2`N>2V&OB(J٨-kr_8A~V0}^A##ȫæ'kj@'gcO7)~ m$\EC>kmz~LseU7MBR%%!^ͳ!ӂk-90B[0qR3ڛ=^,@N|K!ZOkX~4wI#y/Ɨ!hs{g OL2zf3z%MMhh^A,cf~}8,-o*M&lԆuXztS6neUkVB gI@= c8=.]E^h2)n*)ۙjZMY@j#wOkʁn*l>EM+t׀m+J9wwGc&3t@ 2ɢ\' WeRU@o8J3AJ j ;!c8`<"MMXhG?=a?q-492=ZgaG^P(k㜘\}?؇^?hUeQbcE6 k{J~Zg^p 4(+iIAcg˾t/>~?!aa="~"`}f{,5.mXHֿIݏRi\h}dzL\I1>dd˙]=/bo5F]區  wnG4?/ŗtOk~K\/[R1~Jy2W#!Լhm6<԰MFV5C2҃a++H[3 BXקkN,SVXKR!}&1>CՠlGk<VT+[Ě_f·łB?JN3(G@R`OH[%#N۽vZfp6"BtX 1ue}E/b)%Q\(둞/Y"uҽnr lo}AFNd^VZ-[N7S+d$ #?]/8ʚ'=?MVO:m"݋B2^&V8/=h1ڏHE/Cq]Rqnu zsH&iR'PE3pq*d wl)~ڲ/CY(^H#۽? {v@Iu=LP'i&.sK7t[b)-ȔbJ49syH3%dBE[=IҲYGƐ&P, f|ʊ5R!*=YUr{ҀĴ&{6wg^%·J$cζˤ!ė4 ER#A[xqXt7>kI)jݷΪ\؍ޔ|D3`(=[H aȕCrWkb~M6ZU$v<ݝ:z`cIŋ o ~8qE42Thi'sؾs=ahuх[eY$3m=#)Ս A/Ms>å`L:M\gOhG(PEĵTrcc䰌M+"ÈB H N޼=FoQP]ʌ,=}!Gzzy}6 9ocJwfk6bO0>oV8i?{޽s¹"CWq:+`)=$XH!Hn e_."2gNIJn/}Lzd< ,fJfZ7Kni^x w4w v{}!F.u0/sǚtϯ3n8%~WBS-Zg%KW%r_&jD Nt5Q{qN9x}W90Ϊ=y$/Av} lD>?GBa"FsME[ofO<|nFց0FcԲٍǶ& r? 4hg azcgƹ39ោJ6wVp. v_!O!%JJ-cm!_к ŵcZǴ p8|+؊wf_O6oN{kA|;-e\1k-__s w2|kI%%p!$ 8=Sq xߌ zГqk+\<ъO\m1-X}Od|:إeȺ^{c7͋ /vƯc_'g/ O%\I_cx EugJǠ*"JrEx[/\qc$j 鄍lk^!"ƳAWy)ֱ){AfO!i%BIs$IWR/bAӔbAZD Aj0_d|IEۋ#IkSV_f^cW@;oooo?`0gcy6`.+y&ե2̹Z^Xt)Cp8><~bzڗYNUt)c@ӷݺAS]ǞJϺE ˡ̓ʵ-"kbf>yK-@&W6/]/K@ْ }Z+lpCu1_jBR~&l@ᐹ. B$D Hbe![65TsO3*oIs/fw] UF3K0YJpl2Ək(B DN8 =B_M:BL솁NŷkK&ZG_@<_k5.uUm<=u@TPuO0,V0^L8z{IA@' öiRoxö*hfR\L$ Dg\!<m! ՜%B1Qb#DؽΖRyͥ?!$', H@K.tP MV o,"1$!+J/;!Ku&KBffff, jRl/#Z!x2vi>,3>-tamٰ߇ojdOX2!W;~^ e/mMRSzGmw׊cҕFgQד֍ .WE?q_n66{;jgot64v¤RG:iWJtzq~ʹ6!DPP00-pҞ[[/mpч[Rg]U &ekJX5᪊UNmRfk7mߝI& F@,ކ; FBGVT1̈ .MYkƅyr_p t4 _P2=O&$>%aݯo*rl82kPa܏u]k km+^w7Fb`cwP)=h%|$GL@+!.WWjKOCM]?3ݶW&.}L8ŗޕ{[dp=wхŀu;(Eff56NKdxi&]$5?hVro6` lj[V]YQz\a ȊhkkٵqdyN;mV. Jh$&yZw>[x=W/!4SXubM@$t~rG_a WSƚy< m(j$R &1.'?=%|`u1 _Ap\|@V_Zk^_VBأ1Ae^4m/'IO刷D1[L,ÙBt}ų a!1`C(nx.;4na?,g]=Ez@9Ъ ek>"7jE_A-~iҡQ7 ?3{>uը4$DrHQñŃ4+u"z?qTݥeLIEզ0i":6M=qoz@~RJ~~/z`M1GSaQ-:'VGa\(>3BH5ͅc,PxwKD=?f|'<baw9Ƕ0|VGcmc9B,o/.Ԑ5X}#))ȁ;[ s(яTmSO#7zsJN(+aɹ+I#샒=%hcL!,Qx)Ds~*?Ñ:(-ķVFXt"ZOx$ǍYV./> % l?QX2z{n/͛I~p0&40aS,^𭫐J11ǜS×GRSWs.}KBG(zdqK<// #|{:g[c7vek[`ɣ3#ԄVVpU) & nj1*gdcsYM15bcC~ol =6J=!֦v̈́OzW\AO[jKwDP@֝Uga%7dYttQaNa)c,kXr8c`mj|eXEt>IܪzF8IB ?GZA)rh!?{ uؕ*FUP=j%{`r v9ٟIL':g0RI+[g?b1Qу-{aZ<<}Q,턂R!Fғ\|>8f|G2`ƶC0经UztWc}w+%F a! ĩTޝKj_$|t"['xNWXEmJ<\kJ^DyjKl\Y#/VkDAp ʹG[RJYIva~Xev7 Xp,sE"ͨȁXJ0o[1K}9\G6ފb(G![3P]LyrUh9mf^qT`!5xcT(1N+PSC,6M$y@dЃ=Tt>Խ~#ZU{8 hMl׃|W:h|'O[RGlΦ󧏏Mn5aT0|LAnmx+VzK";{ ̊XH t4*$:)6ɝ=B&3'؏0gS'B΀qnX{+$ʼOI^I P46ϩ:n>C}A.[7Vߺ Ciѝޑ}x VK? 8CGʇs_(gGaOHʊ\X+߃wA {˘`@A~Zχ\nX|I7o9gkH0jCL9ҔEח=ЍQݾ ?1! @L-aȉIAX#hbG#g^q79kN-i`Kk&r:,౑N #BL Cbmcs"&lhQkm/u z]8 +?,P Y Gώ3sȣ4ϓ/}o|0_%)z'\@3,V2A!kC[/MJ>ss;-̔4̃2uEܹez?> 4/6NC"%ΨftdˡQ(b:M u?3a3RS¤vx1X-n@<Pt4'Hg}lb ><Rh̘_[*uUԁRk]j)q^]{ YV^"ӄ\I \A]t/ PIZ wPɾuP }a3bqOtvWWY4uEz{'~{I[m[8j?N9~>^}>k_ۗ}oJ·_ }ePŚΧ6q7@Q1C=W\qPt"Z>^rPEEFϐsF/KF5_?i63GJ?2O d},?2#\5ۧF4#gڗvF?2?C">vNt`w~' >ී৓1g'>;@ D'dw {1?s w1]7]? ͐/W@Wq2_\gO诟AAA_ SV>S>>eo~o2ڿh&k$eCnNp3Kq /Wa uy_ yVV ?^`fkWx.rf e{9;k?[N}иCJWT-={Ьa]!=aD(s җe&ms?`jG~@' @8ξrcޡn$_ 5W<}M.mG'}h=U]YXq'Y%P.YCIswe'ϝfūu>V<-t&j\eϣf(+@J~@q37>RqFPg^u^ebpb|Z/OUq4 5%pJ!J81|FZ gaFqbB]S[twr~58]pƘ8Ʈ; P7mIfT.jZQo\)Uʹ俓kD2Lz@0vt@MjJ]NmJTL3DAJ3 .3m^d FM-ϡ'!,pC>FJ5G Px[cE@y+cAV7/\ ^"^v:ic(<;)܁R> >@m^u+j>d9? _9q9mL&mʠbC7a4%uv[F0|w"35<>8Mqgq%D4;o-XGP{c7ˡR g)b0T |dL$pgB-ҋ[!>OPe˺]ha jϗ=[-cD "ö\G'V!m#,9cc6Hm\\wrnCk:nԙ%O_T3c͘%u7%x^3|7ty'W'#E#'1MD+fAl!3&r}8|Qޣjs(|C:L%ඁE"} 3 q:iwasD:D@0anwf9cˎXaiѶZ Qo~j^O(Ck 5E`w4agh| ԱSw O 7J A_V;ZZc*C2J_v{[/'B`ºuGW=QFaжJWZY°Bd'KUܵѩ_k^٢C<|g`)Ԉ Ay,O~փ!gn耵gkۄ6Lg]9,LCi>e1}adrY*0_k5lv.2X8ّ>sχALNyNE=Kf}'s)VR,_XП]<":+ 7qXҩY5/ZKc~;s<^f}TO3uG?]?;5z_ZayBcFLl47E:?C[7nyqݏRXF^zI2V]5OOۗ񱞽?`*X8M]l\㍿#P1T[3ˬZY$IL#;ou['- ].IM)V [=jqCۙ W۲M*_d%rR⊧ EiQ}*'2KfQbn؄;56BJFkl{652)