Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Return of Porn-Fetching YapBrowser Raises Eyebrows



 By: Ryan Naraine
2006-06-01
Article Rating:starstarstarstarstar / 4


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A rogue Web browser, pulled offline after security researchers discovered it was serving up child porn advertising, has suddenly reappeared with a peculiar twist.

A rogue Web browser that was removed from the Internet after security researchers found it was serving up child porn advertising has suddenly reappeared, with a peculiar twist.

The YapBrowser, also known as YapSearch or YapCash, now comes with an odd claim that users can expect protection from harmful exploits and viruses.

The site hosting the browser download originates from Russia and includes an "adult version" that lets users search for and browse pornography-themed content for free.

The site even offers a "100% guarantee" that no malicious system infection will occur when using the software, but security researchers tracking the seedier side of the Internet have flagged YapBrowser as a serious threat to computer users.

"We do not recommend the software given the highly debatable history behind it. I suggest users steer clear," said Wayne Porter, a researcher at FaceTime Security Labs, an IM security firm.

Read more here about a new IM worm that pretends to be a "safety" browser.

The first sign of YapBrowser trouble came in April 2006 when malware researchers discovered that the browser was serving up spyware and underage porn advertising.

Resource Library:

YapBrowser, which carries a not-safe-for-surfing red "X" warning from McAfees site adviser rating service, has also been linked to Web-based exploits, page hijacks and keystroke loggers.

According to FaceTimes Porter, the main executable thats currently available for download is the same as the earlier file.

He said the software is currently not working properly and is serving up 404 error pages on every URL entered.

The link to the adult version download is also not active, suggesting that it is currently being tested for eventual distribution.

McAfee flags YapBrowser as a "potentially unwanted program" that directs the user to use the yapsearch.com search portal.

It appears that YapBrowser is primarily a front-end for an IE HTML rendering engine that uses commercial links to push users to other shopping search portals.

"When selecting any link in the results lists from yapsearch.com, a new full instance of IE was launched to display the contents. Several redirections occurred when selecting any of these links, and it appears likely that a primary function of the software is gaining clickthrough commissions for referrals to the sites listed in the results," McAfee said in an advisory.

Click here to read more about a warning from Microsoft that recovery from malware is becoming impossible.

Upon installation, the program creates a shortcut in the Start Menu Startup folder to ensure the program is launched at each system boot, McAfee said.

The company also confirmed that the software is associated with "pornographic material" when the user tries to enter specific URLs or search terms into the address bar.

"The application does display a license agreement when installed. The license is sparse and rendered in poor/incorrect English. The agreement does not clearly indicate the functionality of the software," according to McAfees advisory.

The first iteration of YapBrowser was bundling the Zango adware program that is distributed 180Solutions, a Bellevue, Wash., online marketing firm.

180Solutions has since severed ties with YapBrowser after the child porn discovery was made.

Officials at YapBrowser did not respond to e-mail requests for comment.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Return of Porn-Fetching YapBrowser Raises Eyebrows
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}is㶲*Qg5E=ҔlcXgRJEĘ"uHKΟ_n?~M %yL'cKX@h4{$ W7-gL:9)ٟG,zIj}ݻ@BezNULsJԶnL7n[c3P/a᳙,Q :':@PL5uΚ}ٚc7h2 X -$(kzZ'jZwmZ P8$H.( fwm<"ay# $aT$Nuol9 QY !)*Jd/B(?F#s?9CvN5{Ѐk`Vl m׸ڮEX'/[vkx!BP!"B\ςݻHݤoq@ؓIuhmUb'Өbb#Q^]õ]&\./RF͌eCwtSz3]gԏ 1l{`2E9$7 \j?yfOlˇqtR8N8CYnհ}=-:ԍ۱=$f]Ԓ],r,U)0wS'&>dRrpXdQ=}9e̛V4öۼCٰo4TiUE9*TR9Eo[¥̝ w֨n~wUMSZw>ʑGA nkp[J^׵VOY\v?.. N6Nַ߈ QT"*rp4MI 1q${/@BRM7JQߨ+ZVH+(H.##I-LcyO`%pbQUrnOgSKߺnZ:9?nΐ|bP+Mz(#1hgxg_-:nNo/9nڗݛ9^֧Iٝ{N4Aqs j__[r\?-mz 6l M u ô|WVK5IͽGb{|"j]}ퟒ_ `HBi۲ܺ̑\ ykaXY|Dͼ94o ߦIw[ W4j5+tU&T7o`H2 SI_s뮞;j\K}0[=RF &\ aC|dMil&XJp7є6`I*2TI0%mQt3 .)J""xN3 qE KH@!=F!8N#8U%Ku}7p@eMCrNTVʒ0Sb{禷H nuƍVuJzW^?uZ^C 8^$glh|* ]ezbc\ZԷWJUJPX=*BE*GU,@JL# &s;<|P ZG>OtvSjZi};N"5d}4>ljAGAticš4έ@7&hC}ҍ:L {ݣPo]=':,AbC XS9*z(tm5A%ǎC-ߟLu#09w ɝ5yPf+wCPAb,DM}PC\7 >)d@}>g )QmNl}h٠1 5%aF;r%FaA.G))(?MPԤv9BB !\60 H# P, ЋR1Jl׀Ri ! wRTD=7^ KŔ>*-qR% 53TYNjL=?j3!U~G,[E`z9r,T.i Jy[+R4dT9 +ZIQQ#U^^?uw<-vFc?Y^0.1 3Rc~z poFaF?hyAu!@3~ ~6ˇ)}XȦ5[}j&{l6g{A3uNP"_ ۝ng;./=\҇9 2V[ $50J%gUA+G|@]4?+UPƒa"`,+$2ۣmĞ7(VV9NrB@S*𯜲,pH@&mпdz?;Oq+2Sj$)l44O͡vvuV"kBF^tt {9R@{4 m 246@Lk+,ښè+AJK_ji ݴsaŴ,Bt6б<y:LI_-Mfuj,j\'M;,ߪ&TYwӟ@xy#׷jISʑb>Y;lA xnJirij><}>NUKϵA)"fl>u L'|hAJmw6q JYY,,b3*4j+z of ׆eK,tDqЁUrcڏә;ҦwZSv˦Կ~Fl4]Z#֭CVapD30۠,e?COMb^-!zjMug 7aT5cclq-ZʠbygcMWѹrHB?l1D:3_npf Z*"~~~049 J>f}<~B)p*L>FmOYвNzu6$TY.(J9A)` N 2&h<|CH&,\$ DrAa T+c..'7].D 6~Î'"%1ڣs!b*/7+ \|;OgjZ(T+1:ʪZJkVv2EV6őG@=<@*:2 Z 0(hE}耰⦉!LԀH5VFl.baβJ);oiZKyRIV0 %l" ?ŤX TkQsGŕ5 {é#uMaFž JV-=oyAPsv-"fdbD4@s=@5iM~'H5ysVt9y^%qfR+2yYVzruF!Yhgf'<+_M}ˀ'dyM?t1Տ'8*z)#ʜ)EoS Ymq'&.҄^\\f:}8_*)S]5 ^ ~Si{V9T%u͇RiEmT)玾ߓNt,ӄ1~BbQ=Y @rvjT G|2(R|"!C-a'dql'?lGD B',W'.\&WF@"'!Z+5 3~vË eVpm\?[ cS7=JL_BP`l&wmO /@ ;NEw%]w7!)h{ٗΚCcyvݽ<$ "GpޏB aKKxiïR!)ؕTjwZb8 }LAI 4t="!}ׇ6{9EU}AuhôY?`Aran8I{oeKJ:^;OjP$zdennKlx8eRLɔ&g.p)|Lhk'IZV6X(4%!4T^ЌObCYF*]' һj^npVPt.+PsXdO4wX\/f8!-tLwzF]Yfg 'os 羴v/ݻw~Z8w[q*A=wC'$c: I"I^U֭EdU)I=YE㻏)C}^GxL_:@Ɍ7CKf-KΑ=#tzooo>ȥ֛q="~X} ~ ]=PH=wx껿PR,$rDqD &x/)9/"Y:'%:#ڮ/=اﭐki\xlS֛12~u'Ldј@.lvm鼳62O> AYCXؙqbLư2z'`G-ݺܭ1³D`GHA|égA km9ntBqVE0p1-7KpjulE;/'Ɏ?eMr sf2i p௹;_  ߅?=Sq xߌ zГqk+\<ъO\m1-X}Od|:إeȺ^{c7͋ /vƯc_'g/ O%\I_cx EE]Vk{ ܂J\}[*U j)4XJk1$$`y85a\AR%Xxdԥ}u v)}<`[;<C0˺M`` g8fX(<0ɁVhRbrb/?/:]gTfyBF Ϭj3d  q(>oe$`2)j o*rAl *&5PАrqT|8JF+"c)2i~Nu~./]C%M)fr$&K!D[vLxR ) x(J,Gxب,ŷ ^<:9eVc<6_T(+IQ_0ҹ;HXN<娊R+(JpKBE@x]Fp z)܄hy"*O$U¶Wx: AAoc5%آI=yHaHA[-/RމphsL0ٶgpqЯz~-{qDKCol] Uۖ/%"uhʈZ޲{=~aGAL`2stSɥBbƵ".nH-`UWg\O [zqmX{޳lݙ 0ܫ3v3A# `x`B#ph}]$txOUAuo[ +8eHz`L$w$t|=S37aѺ }"*~]ti6Jkaŵ,v ]AN}=l,vRŴTEa$ vM҇܀2-ǰYRTE**je+-,n^LH*acڴf磬l/ 22j㮸yyyy;RTKϷͽ"]W}(MKesV_S|k0 Z}y$X%c/m34Vo9?KuSujh|?'P= 9 <%c/2o+׶TՊښ [ @IZ`x _$"t/eKJ,:rfjԄ1 CN$L] Ejpkp!"A$1DS-cJBWSOP3ʮxҙHԥsDV v*D%Q85V! A'`L!^!&v@c[RI%SQA/pǵP tzr6Jݞt꺸/:Ipnp&C ú=%k#/>_gؒ0a@ōF4M T[02~{&{vi"MγWǎR6L \(e" h^gKZRǟ  ig$ |ץKA^(TR+Bq ň7tfᐈHFإ:wI%wffffMZi_Ұ\xî$UzFojU#g*rfX5B7>f:څ/n~ҧYkQs`U ꒰7[96enbcsF0Gx:R5F5~'v~cyi{1ݱ;j#w% Ԑ@+lӫ?1'ܙnO_P>D&DxL=y2;B\`kn|Zsh~ d׆f4.{{m+hG `|F0-c l C+(U=|0 dE8G] 26+Eb%Zv'&vZw>[x=W/!4SXubM̩$t~rGN?X5s+xș0H@=|!Lb>8\BO~{0K/c&ܹF H˱G}X˼hnM^,Nܓ#atυb%6Y3;g(@4dRc$P&W~S\vHǭ!i~X608{7I?ځrU|'Ro|Պ[NoҢCnPP*(ZzgOHAv|jXojzrĠdܿ!  D8 G0߻s{IV^Y5Xtw~)0۱px6-Rý"Ֆwظ<#Թ{G< )(q К؆t N n,RMh17ۤk¨`*MA9(WTDvh:hTHu Sm;=zLfROa/LN_ _!ݰ,VI myi#ȓ+2shlM /uh1'}f\nz~uC +@;Gym!"<+~?qL>>BއBÌ?5$dV)>΃ ܖ1q1"+{OC.7,5t$rE!iʂ6oz˞RS ƈn_fÐs[OŰDĤ c 4FH[~s3uǸZ 45x DzsIA!=1VA[x 19[Sq@C6:= OccZ|,{gGǙ9fQstپ<w.vqY@y+DLMڠAa~Lµ!~XRJs% h_fJ GtA:@"\2GΎOe~t`qV!pϒwgy:t^Q1e&}0s)aR;Q7IB qXR~DB(s k $} 3þ~6 _fQA@p)4fTՊR SB`@)5C [DU]Wt2n?%.4!W)WPh s##vGCT(? *O=lF,1B39^&9nHq}ow/q{} '\MGݩ;'ݫgu_dծɘ1dv2t2Ӂw2dg賓Aȣ2!<#w2a~/32.a.3 f ! _ *>UFk {{3 ># a|2 )7{A7MF7@7\$)cf5pvJEs_53TyU[˳gȳ;F7^˰sk3ce_/ˀq\J}u=M+ƥw*WY[xM}-kk[Z1n6d b/ BU(X2M*F!+(,8%]}fMNJ 44k 7b]YDYAI{R}ntE I>4𞫫qLvw,_YnƊ6sLqϜO8VɴV !,Eh}l>܃f cp2 #GYkOT/3i˘ЈwS;=yqUts \v#_x&`?&S/-ph;:ُG{w8Ɗ <0/qކrH'+? |4;(^i3Q* ~5íEYR78zC|g4o}e\ ㌠v3K :!^`l1h}k:KDB'pZc(+"D74\9Ì)螉O >jpO_B17p]w n B:C\ԴZjRsG'׈d6#8 3`耚DdU*.ZX,g/g2l]gۆJZCO\3CX.ḇ}lkt%.$1=:mǬ*V(6of!2^6սD<'u~m

rs/:7ژLڸAņoj/hbKZ=}`*\';=D6vgjy }dq0X9Khw ,}[V ݡRC B~2Ra<ک>7gHτ[Ti׿C|S%/u5@:՞/kn\;a[ƈDM[I6ɑttkl23sHP,#V|[&½09./ ]C?% ]ċca.EIƠe @䄸 v_j;#śI+Ʉ`wƨ&F\ "!Oc5c"uŧ@0~Zz`L,i`ArlWU ZE6N5"V0̦IW"Br';7%tXS@8>cc6Hm\\wrnCk:nԙ%O_T3c͘%u7%x^3|7ty'W'#E#'1MD+fAl!|a9<(}CI59D>!_&dϒWl,^)1 K %$I S߂:-C})L9 H|\k֊,#!1苄I MЦ+ L͂ԱwFd"ƒ_1#2:'DJ  Vi 궯MgA۾"=VN$G>v U1^{3E3$07z9ًu8:\5J &A,L\>oy^D, -يI-.Ts]qKumϿI-gXL "a'/"^= g _H6GD!qYб ߚR DOY"vy>mKYZQږy@6awWێV"iů7@B&!#R.n809`" "O j7;1Teu,s0ŴBShI -(O?5'knxK"OC34 w^ة;qV'{%͠x/T+ iTM1xu!AY=-_!0p,\f h6A|EKo@z 9@+7AkHJ B ēy=&ވ\ Tjӟѩ‚WnlX@cy`Yf;iø) 3/U@Evg˫Py Vs6Na]|ۺ+Aў(Ynw|h[d%+GM`Wpۂ{ʐXhWeR@V)tnO˞ă㋰MÑ =c,/{ QFbf=z8N]RŃ $c-:ԭ8?P0h_~&?{c]'nJQXƺi#Q`W:*6nuywDL7(+]y#Q1Vovf$ѾfpalX  V|޹M7Ϗp`h2[]g4^ma,eLھW7,lH[Ze'].hr=E#Ҏ )ؑ~)'j #fY1Vj" 1>O)xH>%B6Qrytʵ-IErY)Z,aX!%Ӫr5lQ_zc|>۳zw _jPo0,BL Isy6;|,ݐbZ"ND׊rI)9=O9.*HH6c?tftŏ@˭]^g"a?#ahCgyba&<"e}%Ix+)/,ρ.?qG\`8b@xT,zV?Pu/YӾ|]*'ꙺVώ