All articles licensed under a Creative Commons License.
 









Tuesday, April 18, 2006

Yapbrowser respond: Paperghost replies in kind

I just checked out the sites that commented on the Yapbrowser affair - and I was surprised to see myself mentioned by a Yapbrowser spokesperson. They posted the same comment on the Sunbelt blog, Wayne Porter's blog, Techdirt and probably other places too. Damage limitation kicks in at the speed of light. Well, here are my questions...as you may have gathered, I'll be posting these in all the previously mentioned locations...first off, Yapbrowser's response...

Hello

I am representative of web site yapbrowser.
We are a leading development company in internet
Some days ago we got information that anybody told about us really misunderstanding things. Look at this article: http://www.vitalsecurity.org/200...o- andchild.html

We and all our staff wanted to say that this is really big mistake, because we can show you all guarantee that this article do not have any confirmations. The problems had been connected with our hosting company provider.
This guys try to sell their products in traffic of our project and not inform us about. We will try to do all possible that this guys will responsible for this act.

And we are really sorry to all our users and partners which work we hope we will continue our business as ever. All our sites will be work in new hosting in some days.

The best
Enigma Global Inc.
Director

The problem is, however you look at it, Yapbrowser popped open a site offering monster nudie pics of what appeared to be very young teens, with keywords used by that particular site such as "preteen lolita" and "young lolita". It popped the site open when you typed anything - anything - into the Yapbrowser application and hit the "go" button. This is a major quality control malfunction.

They also posted the following in my blog comments:

We have checked the article in your web page. About child porn sold from our web project. This is really big mistake which we correct now because we have never sell this products. We do not know but anybody wrote an article about our project and place in your server, We would like to ask you to correct this article and wrote that it was really big mistake that we have never sell child porn. Because it was bad hosting provider which try to sell illegal our his web pages with help of our project.

Hope you will correct this article as soon as possible

I never said you sold the porn yourself. I said your application redirected any search enquiry made in Yapbrowser to the porn site. You were then presented with the option of purchasing porn from the adverts. From the article:

1:11 minutes: He clicks the green "go" button, and...child porn! Not just any old UA porn, mind you, but the stuff you have to pay for. $79 for a month, no less.

Nowhere there do I say you are selling the porn. It is obvious that the X-Treme lolitas website is selling the pictures and / or video content, not the Yapbrowser application itself.


Now, if you do some digging round on the Red Lagoon / Shadow Community people, as well as the X-Treme Lolitas page that hosts the adverts, you'll quickly find that they're mentioned on numerous sites where talk of animals, young kids, baby pictures and Christ knows what else are all available. It's also mentioned on numerous "top 100" lists of underage porn sites. In addition, there are numerous sub-domains of the X-Treme Lolitas site, where some users have apparently "rolled their own" porno pages.

So, we are all agreed that this is not a good thing, yes? I'm saved from having to go into a tiresome "why this is illegal" rant because Yapbrowser already said it was illegal themselves. So there we go.

This apology is also on the "Adult" version of the site - so far, so good.

No word from 180 Solutions yet, but then I imagine they're probably spinning right round, baby, right round. At any rate, Zango no longer installs with Yapbrowser.

Anyway, my questions for Yapbrowser:

1) Why is Yapbrowser available to download again, when the application doesn't actually work? (Any search made results in a "page cannot be found" message.)

2) On your site apology, you say:

Some links of our browser direct on 404 page on which our hosting provider promoted an illegal content.

Presumably you are referring to the fact that any "mis-types" of your domains redirected to the porn (which I touch on later).

This is informative, but does not explain what was happening inside the Yapsearch application. None of the links in the Yapsearch page worked. Neither did typing anything into the search bar inside the Yapsearch page (for example, the search for the word "Spam" resulted in...a blank page).

No, what's interesting here is this extract from the logs, when Andrew tries to reach Microsoft:

+++GET 60+++
GET /search?q=http://www.microsoft.com HTTP/1.0
Connection: keep-alive
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
Cookie: PHPSESSID=pkt2t4q58jl5q9rdvuto04sp24
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: yapsearch.com

+++RESP 60+++
HTTP/1.1 302 Found
Date: Sun, 16 Apr 2006 19:54:18 GMT
Server: Apache/2.0.54 (Fedora)
Location: url removed
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1
+++CLOSE 60+++

This appears to be a 302 redirect - a common hijack employed by (sometimes rogue) search engines, where valid URLs are shunted out of the way by dubious pages. On many occasions, it's an error - however, in this case it looks like someone went a bit further and crafted some kind of built-in 302 redirect into the Yapbrowser application. And nobody noticed?

3) All you had to do to see the porn was hit the green "go" button. Are you telling me that from the point where you tested the application, up until launch, and then while people were downloading Yapbrowser, nobody in your company noticed this? It wasn't difficult to spot, after all.

4) As mentioned earlier, when attempting to get the download for Yapbrowser to work on the adult page, typing in numerous attempts at what I thought would be the download link resulted in me being redirected to the X-Treme Lolitas page. So, not only had someone managed to hijack your application without anybody noticing, they also managed to somehow have every one of your mis-typed urls also direct to the pornography. Again - how did nobody notice this?

The Yapbrowser site was registered in December, 2005. It's now April. That's an awful long time to miss something so serious. No end-users complained about this, either? How long has this hijack of your application been going on for?

5) Why is the name "John Malkovich" down as the contact for Yapcash? Seems awfully funny that Petr Rian is down for all the other domains, but the one that sorts out the money-making deals has the world's craziest actor as the domain contact.

6) On the subject of being John Malkovich, (and with a big chunk of text lifted from Andrew Clover), the same details are used for a group of sites at Eltel, a Russian ISP, including one site that redirects the user to browser exploits at paradise-dialer.com, which load trojans, spyware and dialers. Paradise-dialer's whois places it as part of the CWS group known as Dimpy, aka BigBuks. Since the BigBuks whois is also given by mix-click, referred to by the yapbrowser/yapsearch whois, and the aforementioned servers at Pilosoft and Eltel (as well as the paradise-dialer server also at Pilosoft just a few IP addresses away) run many other sites that link back to browser exploits and child porn promotions run by BigBuks, it seems reasonable to assume that they are the same group of people.

So, is this you or not? And if not, how come the contact details are the same?

7) As has already been mentioned by others, how come you are mentioned in a Russian document taken from an exploit site?

That's about everything I have to ask for now, and I'll be eagerly awaiting your response.
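
The request/response pair quoted under question 2 is the pattern to hunt for in proxy captures: a 3xx answer whose Location leaves the host that was asked. The Python below is an added example, not code from the original post; it parses that +++GET/+++RESP/+++CLOSE layout and flags such sessions, and the sample log, its hosts and its Location values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the page's +++GET/+++RESP/+++CLOSE layout; hosts and Location are placeholders.
SAMPLE_LOG = """\
+++GET 60+++
GET /search?q=http://www.microsoft.com HTTP/1.0
Host: search.example

+++RESP 60+++
HTTP/1.1 302 Found
Location: http://unrelated-ads.example/landing
+++CLOSE 60+++
+++GET 61+++
GET /search?q=spam HTTP/1.0
Host: search.example
+++RESP 61+++
HTTP/1.1 302 Found
Location: /results?q=spam
+++CLOSE 61+++
"""

MARKER = re.compile(r"^\+\+\+(GET|RESP|CLOSE) (\d+)\+\+\+$")

def parse_sessions(log):
    """Group non-blank lines by session id: {id: {"GET": [...], "RESP": [...]}}."""
    sessions, current = {}, None
    for line in map(str.strip, log.splitlines()):
        m = MARKER.match(line)
        if m:  # a marker opens a GET/RESP section or closes the session
            current = None if m[1] == "CLOSE" else sessions.setdefault(m[2], {}).setdefault(m[1], [])
        elif line and current is not None:
            current.append(line)
    return sessions

def headers(lines):  # lower-cased header dict from the lines after the request/status line
    return {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}

def offsite_redirects(log):
    """Return (session id, request line, redirect host) for 3xx answers that leave the request Host."""
    hits = []
    for sid, s in parse_sessions(log).items():
        req, resp = s.get("GET"), s.get("RESP")
        if req and resp and re.match(r"HTTP/\S+ 3\d\d", resp[0]):
            asked = headers(req).get("host", "").lower().split(":")[0]  # drop any port
            target = urlsplit(headers(resp).get("location", "")).hostname  # None if relative
            if target and target != asked:
                hits.append((sid, req[0], target))
    return hits
```

Session 61 in the sample is a same-site relative redirect and is deliberately not flagged; only the search for a URL that gets bounced to another host is reported.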

/ Update - The Yapbrowser people have replied over at Revenews.

And, also at Revenews, I predict a riot in the form of some translated Russian from a Yapbrowser guy.

All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.