Categories
Website for sale, one previous owner
Labels: Yapbrowser
Unfortunately, it's Yapbrowser and it's going for TEN THOUSAND DOLLARS.
What do you think? (Youtube)
Sunday, December 03, 2006
Wednesday, September 13, 2006
Comedy Interlude that's more like a Nam Flashback
Labels: Yapbrowser
You know, if ever there was something I would buy on EBay, Yapbrowser would probably not be it.
Thursday, July 06, 2006
Yapbrowser buyout, and the greatest Zango story that never was
First, wander over to the Spywareguide Blog to see what's cooking in the Yapbrowser kitchen this week (thanks, RinCe!) Labels: Yapbrowser
Then...we have a veritable comedy of errors. A well meaning friend mentioned there was this "Awesome Zango story" doing the rounds, and when I heard the details.....involving free soap and biscuits for children...I was naturally hooked.
Hooked, and utterly confused.
That is, until I found the writeup in question, and promptly beat my friend to death with a stick.
Thursday, June 08, 2006
The Yapbrowser Forum reunion party
Labels: Yapbrowser
Oh wow, I just saw something that read like a PG Greatest Hits album. Remember the Yapbrowser fiasco? UA Pr0n, Zango bundles and lots of feverish arguments?
Well, not only did I find some craziness going on over at the Yap website, but all my old pals started turning up too! A walk on cameo from 180 Solutions - sorry, Zango(bar) - would have been the icing on the cake, but it hasn't happened yet. What am I rambling about?
Well, check out what plopped into my mailbox in the screenshot above (click all the images to view and all that jazz).
"Welcome to the Yapbrowser Forums, Paperghost".
My brain began to melt - mainly because
1) Yabrowser have a forum now?! and (more importantly)
2) I didn't actually register.
Intrigued, I boogied on over to the Yap site and saw some pretty entertainingly insane goings on. Turns out they have a forum and a guestbook - let's go to the guestbook first..
...and check me out, laying the smackdown onto the Yap guys there! Sadly, the pretend Paperghost didn't do a very good job of impersonating me...check out my domain.
Vitalsearcurity?
Great mis-spell, captain boobalot.
It gets better, though. Forum time:
Yeah baby, feel the burn!
I'd almost be impressed here, if it wasn't for one huge screwup on a near biblical scale by the impersonator in question.
They made the fatal mistake of writing the domain with a capital V, capital S.
I never, ever, ever do that. It doesn't bother me in the slightest if other people write it like that, but an observant forum troll would have spotted this crucial difference.
And lose 15,000 imitation points for writing .org as .Org, too.
Just when I think things can't get any better, (after a day or so of watching to see what the world's worst ghost will do next) who should pop up on the forum but my old pal:
RinCe!!
Yep, Yap does indeed BBQ my Lollerskates, especially when they apparently can't even get a forum right.
If they'd even bothered to check their statistics page for their Guestbook, they'd have noticed their "Paperghost" had actually posted from Afghanistan. While it's not exactly beyond my technical capabilities to make a post look like it came from somewhere else, I can't say that it's something I would ever actively employ for something as stupid as this.
The daft thing is, they have their board set up so that you don't need to activate your account by clicking a link sent via Email. As long as you know the target's email address, you can register giving any Email address you like and then just start posting garbage. As far as I'm aware, you have to physically select that option from the Admin menu, because it isn't the default. I mean...wow. Well done, guys.
Anyway, I just registered on their forum and posted up some annoyance juice. Feel free to register yourself and join the party. I'm sure we'll be having a BBQ soon enough. Followed by a healthy serving of lollercakes.
There are two possibilities here:
1) Any one of the numerous trolls this place gets decided to have a chuckle - I did recently ban some boobs, so it could well be one of those guys.
2) The Yap people themselves did it to stir up....what, exactly?
Personally, I'm pumping for number 1. I don't see what Yap stands to gain from me chaingunning them down all over again. However, it's rather infuriating that they can't even get a forum right. Even more so that they think I could be bothered screwing around on their forum. No wonder they blundered into a kiddy pr0n fiasco.
Can this get any stupider?
Probably.
Wednesday, May 31, 2006
Let me put you in the picture...
...let me show you what I mean! Labels: Yapbrowser, Zango
First off, some news-type linkies summarising the fiasco that was Yapbrowser:
Linky 1! (PC Advisor.co.uk)
Linky 2! (Network World, complete with 180 Solutions soundbite)
And now for the notable quotables...
"Steve Stratz, public relations director for 180solutions, said the software bundle with the Yapbrowser was never publicly available. However, at least one copy of the bundle was obtained and eventually looked at by security experts, Stratz said."
At least one...?
In this post, you can see me debate how many downloads there probably were.
All aboard the clue-train, it's likely more than one.
Once again - if the thing was not publically available, why on Earth was it publically available to download? And why did the Yap site put up a message to its "dear visitors" that supposedly didn't exist when this all came to light?
"At least one copy was publically obtained" makes it sound like I went on some kind of Mission Impossible style jaunt, with ropes and masks and bungee jumps over skyscrapers and that. In reality, I heard about it on a mailing list.
Guess that's another bunch of downloads, then.
Sorry guys - if it's online, it's publically available. That's why you have test servers. Then again, nobody seemed to notice the neighbours Yapbrowser.com keeps so I can't say I'm surprised.
As for the Botnet here - it's currently still up. One or two Adware vendors have got in touch about it, and I responded in kind.
Guess who hasn't rang my bell yet?
Tuesday, May 09, 2006
So many checks, and yet it still went wrong...
I didn't offer my thoughts on the answers given to Wayne Porter by the Yapbrowser people straight away, as I wanted to go off and have a think about what they'd said. Could it be true that they've been shafted by their evil webhosts, forcing lashings of free nastypr0n onto their browsing application? Yap's Response: By that time, no more than 5 downloads of my proglram were made What payments can we talk about? This just doesn't make sense. If you want free web hosting, you can get that from anywhere. If the site's not supposed to be "on public view" in any case, why not just go for some ad-supported hosting while you test it? And wait - surely the application itself is what needs testing, not the website. Porter How rigorous was 180Solutions / Zango in terms of checking your application Yap's Response:The testing process was very harsh. First, our program is included into zango installer. We supply some design elements for the program installation, EULA text. The program installation is done with the confirmation of two agreements. Zango's approach to this issue is very serious; therefore, I do see that they are dependable, and choose them as partners. In this situation there is no zango's fault. Most likely it is my program's fault that such mistake was made. And, of course, the real offender is the host company. Porter:Did they test your application after it launched with the Zango product bundled? Yap's Response: Yes, the testing was done. Maybe, at that time 404 page wasn't showing any illegal content. I cannot say for sure since I did not check. Labels: Yapbrowser, Zango
Well.....
.....strokes chin...
.....has a think........
.....bleh.
It is indeed a possibility - however, the possibility is so slight that you're pushing the envelope of credibility to expect anyone to believe it.
For example:
Porter: Have you received payment from 180Solutions for the Zango downloads you delivered?
I don't know about you, but...
1) I downloaded the application at least two or three times - due to the download corrupting. Then I downloaded once more, shortly after they'd brought their site back online - I wanted to see if it was still functional (it wasn't). Are we including attempted download attempts here too, or just "completed" ones?
2) Andrew Clover downloaded the application and tested it - so, there's another one.
3) Sunbelt wrote about it - presumably, they would've downloaded the application too.
4) McAfee cover the program on their listings here. One more download ftw.
5) Numerous other people - security buffs, "curious" passers-by and God knows who else will naturally want to play with the "latest nasty app" on the shop floor. Happens every time. And I imagine lots of sickos who got wind of the story would've downloaded it as fast as their little illegal pr0n legs would carry them. I even had a few people posting "Where can I get this thing" in my comments - I doubt it would've taken them long to get hold of it.
See?
That doesn't seem like "only five downloads" to me, especially as the site was publically available. if it "wasn't for public distribution", why on Earth was the site live and ready to roll? It just doesn't make sense. Especially when the site has clearly been shovelling some traffic. Their Alexa rank is 1,235,992, which isn't amazing, but it's hardly the "nobody has seen us, right?" assessment that the Yap guy would have us believe.
I would be curious to hear how many downloads there were of this thing from Zango, or if they can't answer that one, at least how many installs of their Zango software were made via the Yapbrowser application.
Another one...
First of all, they were not my permanent web host company. The sites were kept there temporarily, before the launching of the program for the testing purposes by my employees. If I would have launched the program, I would have bought my own server.
At that time it was not worth to maintain an expensive server because this project was taking too much money, which I am very limited with. The websites were kept at that server for free.
Yeah right, we were just "testing" and accidentally ended up on a box with tons of dodgy exploit sites. Oh noes. If anything, this tells me they need to hire some staff who know what they're doing next time.
As for the allegation that the whois details for their sites match the details often used for Cws hijack sites of the highest order?
.....yes, please register my website Mr Mystery Man, even though I don't know who you are and I know nothing about you. Here's all my money and I'd like you to inspect my wallet, too!!
First of all, I wasn't paying much attention to yapsearch.com website.
...no kidding.
To test it, I simply installed the design template with non-working hyperlinks and a search line field. I have no idea that on a non-existing page there might be such content with offensive material.
Yep, we simply had no idea that clicking one button would take us to nasty things.
But wait - Yap guy seems to be confusing the issues. Because at no time when testing the Yap search webpage functionality did I get taken to the UA pr0n. Clicking the links did nothing, and using the search box took you to a blank page (as you can see from Andrew Clover's video).
No, the nastypr0n only showed up for me when:
1) You tried to surf using the Yapbrowser application - not when using their search website.
2) You tried to enter in what you thought would be the correct URL for their "Adult version" of Yapbrowser in a normal browser such as IE or Firefox, only to be taken to the nasty stuff.
So, just to confirm - nothing nasty happened for me when using the Yapsearch website. Again - to me, this would point to something inherent to the Yapbrowser application.
Right?
In my honest opinion, I don't buy it. if I did, it'd have to be with a slightly manic grin on my face and about six kegs of Mam's Finest Ale in my gullet. With this in mind...and churning the above silliness over and over in your brain as you read what comes next...
before they agreed to have their software bundled with the YapBrowser application?
Yes, that testing procedure was extremely harsh!
So harsh, in fact, that once again it took a bunch of external third parties to go in and clean up yet another fine mess (TM).
No, it's okay Zango - don't bother doing any kind of basic searches on the people you're doing business with. Even if it does only take about an hour to find out everything you need to know about a disaster waiting to happen like this. Don't bother going back to anybody you partner with and (heaven forbid) test their applications out, just to see if they're diddling you. That'd just be madness.
Can it really be so easy to cheat the Zango system?
The bottom line is, 180 / Zango / whatever they call themselves have a distribution model in place that is fundamentally broken. More horrible tales like the Yapbrowser saga will continue to lurch into public view and pummel an already shaky reputation.
All I can say is, prepare yourself for the next one.
Because there will be a next one.
There always is...
Friday, May 05, 2006
Yapbrowser respond to Wayne Porter..
...in case you don't know, the guys slap bang in the middle of the Yapbrowser storm agreed to an interview with Wayne Porter - you can see the answers to the questions he posed here. Labels: Yapbrowser, Zango
I'll likely offer up my thoughts on the Q&A at some point in the near future...
Friday, April 21, 2006
UA porn site taken down, crowds cheer.
Labels: Yapbrowser, Zango
Take that, scum!
The UA porn site at the center of the Yapbrowser storm has indeed (for now) bit the bullet.
Of course, nothing is certain with these things, so it could potentially pop back up as quick as it's gone down. For one thing, if the account has been canned, why is the "more coming soon" tagline at the top of the page still there? (You can't see this in the screenshot, by the way. And yes, you got me. Click to enlarge).
This may well be a "fake" account suspended page, while the people behind it shift servers and wait to throw the site back up once the smoke has cleared.
However, all the related pages to this index seem to be down as well, serving up 404 "page not found" error messages. This might just be the way the host goes about canning a rogue website. Time will tell, and at least the thing is offline - that'll do me for now.
So, a guarded celebration of sorts. A nice way to start the day - who's next?
Wednesday, April 19, 2006
Yapbrowser answer my questions
I'm not going to offer opinion or interject or make witty comments - simply cut and paste their answers to my list of questions below. YB: Every url direct to nonexistent page. Did you checked html code? Did you check how everything worked? On my opinion here nobody has understood in what problems is, and have started to accuse us at once. Labels: Yapbrowser, Zango
1) Why is Yapbrowser avilable to download again, when the application doesn't actually work? (Any search made results in a page cannot be found message)?
YB: Because there on the main page was only a pattern i.e. only design of a site for a kind. And in general all sites are not completed. Partner program is in a test mode. Even the engine of site has not been installed on a site yet. On them there are no users and there is no traffic. This all is made for us, but not for for public. For public all would be tested and all links would appear in a working kind.
2) On your site apology, you say:
Some links of our browser direct on 404 page on which our hosting provider promoted an illegal content.
Presumably you are referring to the fact that any "mis-types" of your domains redirected to the porn (which I touch on later).
This is informative, but does not explain what was happening inside the Yapsearch application. None of the links in the Yapsearch page worked. Neither did typing anything into the search bar inside the Yapsearch page (for example, the search for the word "Spam" resulted in...a blank page).
No, what's interesting here is this extract from the logs, when Andrew tries to reach Microsoft:+++GET 60+++
What appears to be a 302 redirect - a common hijack employed by (sometimes rogue) search engines, where valid URLs are shunted out of the way by dubious pages. On many occasions, it's an error - however, in this case it looks like someone went a bit further and crafted some kind of built-in 302 redirect into the Yapbrowser application. And nobody noticed?
GET /search?q=http://www.microsoft.com HTTP/1.0
Connection: keep-alive
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
Cookie: PHPSESSID=pkt2t4q58jl5q9rdvuto04sp24
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: yapsearch.com
+++RESP 60+++
HTTP/1.1 302 Found
Date: Sun, 16 Apr 2006 19:54:18 GMT
Server: Apache/2.0.54 (Fedora)
Location: url removed
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1
+++CLOSE 60+++
YB: I Repeat. Search on a site does not work. Also search in a browser does not work. Guys from Zango checked our program before to give us bundle. All changes on your computer could happen after visiting illegal page. There could be viruses. Check up a code of a browser and you will see that we do not do in a code any replacements hosts and so on.
3) All you had to do to see the porn was hit the green "go" button. Are you telling me that from the point where you tested the application, up until launch, and then while people were downloading Yapbrowser, nobody in your company noticed this? It wasn't difficult to spot, after all.
YB: This version is intended only for us. To show a Zango team that our program is. There are does not work lots of things. By pressing the button it is possible there was transition to nonexistent page.
4) As mentioned earlier, when attempting to get the download for Yapbrowser to work on the adult page, typing in numerous attempts at what I thought would be the download link resulted in me being redirected to the X-Treme Lolitas page. So, not only had someone managed to hijack your application without anybody noticing, they also managed to somehow have every one of your mis-typed urls also direct to the pornography. Again - how did nobody notice this?
The Yapbrowser site was registered in December, 2005. It's now April. That's an awful long time to miss something so serious. No end-users complained about this, either? How long has this hijack of your application been going on for?
What difference when has been registered the domain? We have found the name, have registered, and domain was empty any time. It is really problems in this? Domain yapsearch.com the second year and what in this? I speak that we worked above the project and till now we work. But it look like developing events and strong black PR our partner program is not realized :-( But it would be trust in best. And even to prove my innocence, than I am doin gnow. If I was engaged in illegal business and i would not need to be justified, would not?
5) Why is the name "John Malkovich" down as the contact for Yapcash? Seems awfully funny that Petr Rian is down for all the other domains, but the one that sorts out the money-making deals has the world's craziest actor as the domain contact.
YB: There are pseudonyms. On the Internet everyone use pseudonyms. It does not connected with business and it is not very important at all. It is not very good when in news your names will pour down with dirt. The registrar of domains allows to use pseudonyms.
6) On the subject of being John Malkovich, (and with a big chunk of text lifted from Andrew Clover), the same details are used for a group of sites at Eltel, a Russian ISP, including one site that redirects the user to browser exploits at paradise-dialer.com, which load trojans, spyware and dialers. Paradise-dialer's whois places it as part of the CWS group known as Dimpy, aka BigBuks. Since the BigBuks whois is also given by mix-click, referred to by the yapbrowser/yapsearch whois, and the aforementioned servers at Pilosoft and Eltel (as well as the paradise-dialer server also at Pilosoft just a few IP addresses away) run many other sites that link back to browser exploits and child porn promotions run by BigBuks, it seems reasonable to assume that they are the same group of people.
So, is this you or not? And if not, how come the contact details are the same?
The Yapbrowser saga continues...
Questions are currently being asked about the Yapbrowser application which bundled Zango in with a rather unfortunate "surprise" package (more of a nightmare, actually). Labels: Yapbrowser, Zango
To their credit(!), the Yapbrowser people have popped up across the security sites and put their case forward - unfortunately, it looks like English is most definitely not their first choice of language. I can't see how we're going to get answers to some of my questions, when the best we can get is this answer posted at Wayne's blog:
This document have no any attitude. Idea of mini browser we have got realy long time ago. Mini browser is nessery that user can see free content with. Our idea consist in. In document told about multyfunctionsl bot. Please remember why we need all this?
It is not visible that have substituted us...
I think I need an OMG, closely followed by a BBQ.
Even more interesting, is the link to an adult webmaster posted over at the Sunbelt blog a short while ago. I won't link to it here, as I don't want to be responsible for priests and holy water being hurled at your monitor.
However - it is interesting that the Yapbrowser guy on that forum has already notched up 811 posts. This would suggest a far greater connection to the slightly sleazier side of the web than their broken "adult version" of their browser would suggest. Translated extract ahoy:
tell entire situation in the order. We were registered in zango several months ago. They concluded agreement and sent to them our program to naproverku. They verified and approved program. In parallel in the course of several months our programmers wrote the cursor of partnerki yapcash.com. The sense of the work of our program consists in the fact that the user through it free of charge examines FKHG. The cursor of partnerki so they did not have time to finish, until now, and recently happened this khuynya. Vobshchem happened the following. Khoster in which temporarily khostilis' our sites used 404 traf for its purposes. As you see there it proved to be entire nador SR ekspy of every kind. We about this did not know. They learned only from the news of &#'yshchy'; On video evidently that of yuzer presses on the reference which it conducts on the nonexistent page. We repeat nikoyem by means we do not relate to SR. To us this simply not necessarily since the project completely of legalen and on us fell down blek of piar.
Now - the application was back up and available for download yesterday, though it didn't actually work. Probably a good thing, in light of what happened last time. However - the Zango software has been removed at the speed of light. Interesting that 180 have made no statement on this one.
Then again, "Uh-oh Spaghettios" probably wouldn't cut it.
"Verified and approved the program"? Great work, guys. Perhaps next time, you might want to test an application after it's gone live, too.
I predict a riot, indeed...
Tuesday, April 18, 2006
Yapbrowser respond: Paperghost replies in kind
I just checked out the sites that commented on the Yapbrowser affair - and I was surprised to see myself mentioned by a Yapbrowser spokesperson. They posted the same comment on the Sunbelt blog, Wayne Porter's blog, Techdirt and probably other places too. Damage limitation kicks in at the speed of light. Well, here are my questions...as you may have gathered, I'll be posting these in all the previously mentioned locations...first off, Yapbrowser's response... Labels: Yapbrowser, Zango
Hello
I am representic of web site yapbrowser.
We are a leading development company in internet
Some days ago we got information that anybody told about us really missunderstanding things.look at this article: http://www.vitalsecurity.org/200...o- andchild.html
We and all our staff wanted to say that this is really big mistake, becouse we can show you all garanty that this article do not have any confirmations. The problems had been connected with our hosting comapny provider.
This guys try to sell their products in traffic of our project and not inform us about. We will try to do all possible that this guys will responsible for this act.
And we are really sorry to all our users and partners which work we hope we will continue our business as ever. All our sites will be work in new hosting in some days.
The best
Enigma Global Inc.
Director
The problem is, however you look at it, Yapbrowser popped open a site offering monster nudie pics of what appeared to be very young teens, with keywords used by that particular site such as "preteen lolita" and "young lolita". It popped the site open when you typed anything - anything - into the Yapbrowser application and hit the "go" button. This is a major quality control malfunction.
They also posted the following in my blog comments:
We have checked the article in your web page. About child porn sold from our web project. This is really big mistake which we correct now becouse we have never sell this products. We do not know but anybosy wrote an article about our project and place in your server, We would like to ask you to correct this article and wrote that it was really big mistake that we have never sell child porn. Becouse it was bad hosting provider which try to sell inlegal our his web pages with help of our project.
Hope you will correct this article as soon as possible
I never said you sold the porn yourself. I said your application redirected any search enquiry made in Yapbrowser to the porn site. You were then presented with the option of purchasing porn from the adverts. From the article:
1:11 minutes: He clicks the green "go" button, and...child porn! Not just any old UA porn, mind you, but the stuff you have to pay for. $79 for a month, no less.
Nowhere there do I say you are selling the porn. It is obvious that the X-Treme lolitas website is selling the pictures and / or video content, not the Yapbrowser application itself.
Now, if you do some digging round on the Red Lagoon / Shadow Community people, as well as the X-Treme Lolitas page that hosts the adverts, you'll quickly find that they're mentioned on numerous sites where talk of animals, young kids, baby pictures and Christ knows what else are all available. It's also mentioned on numerous "top 100" lists of underage porn sites. In addition, there are numerous sub-domains of the X-Treme Lolitas site, where some users have apparently "rolled their own" porno pages.
So, we are all agreed that this is not a good thing, yes? I'm saved from having to go into a tiresome "why this is illegal" rant because Yapbrowser already said it was illegal themselves. So there we go.
(As usual, click the image to enlarge, etc, so on and so forth).
This apology is also on the "Adult" version of the site - so far, so good.
No word from 180 Solutions yet, but then I imagine they're probably spinning right round, baby, right round. At any rate, Zango no longer installs with Yapbrowser.
Anyway, my questions for Yapbrowser:
1) Why is Yapbrowser avilable to download again, when the application doesn't actually work? (Any search made results in a page cannot be found message)?
2) On your site apology, you say:
Some links of our browser direct on 404 page on which our hosting provider promoted an illegal content.
Presumably you are referring to the fact that any "mis-types" of your domains redirected to the porn (which I touch on later).
This is informative, but does not explain what was happening inside the Yapsearch application. None of the links in the Yapsearch page worked. Neither did typing anything into the search bar inside the Yapsearch page (for example, the search for the word "Spam" resulted in...a blank page).
No, what's interesting here is this extract from the logs, when Andrew tries to reach Microsoft:+++GET 60+++
What appears to be a 302 redirect - a common hijack employed by (sometimes rogue) search engines, where valid URLs are shunted out of the way by dubious pages. On many occasions, it's an error - however, in this case it looks like someone went a bit further and crafted some kind of built-in 302 redirect into the Yapbrowser application. And nobody noticed?
GET /search?q=http://www.microsoft.com HTTP/1.0
Connection: keep-alive
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
Cookie: PHPSESSID=pkt2t4q58jl5q9rdvuto04sp24
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: yapsearch.com
+++RESP 60+++
HTTP/1.1 302 Found
Date: Sun, 16 Apr 2006 19:54:18 GMT
Server: Apache/2.0.54 (Fedora)
Location: url removed
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1
+++CLOSE 60+++
3) All you had to do to see the porn was hit the green "go" button. Are you telling me that from the point where you tested the application, up until launch, and then while people were downloading Yapbrowser, nobody in your company noticed this? It wasn't difficult to spot, after all.
4) As mentioned earlier, when attempting to get the download for Yapbrowser to work on the adult page, typing in numerous attempts at what I thought would be the download link resulted in me being redirected to the X-Treme Lolitas page. So, not only had someone managed to hijack your application without anybody noticing, they also managed to somehow have every one of your mis-typed urls also direct to the pornography. Again - how did nobody notice this?
The Yapbrowser site was registered in December, 2005. It's now April. That's an awful long time to miss something so serious. No end-users complained about this, either? How long has this hijack of your application been going on for?
5) Why is the name "John Malkovich" down as the contact for Yapcash? Seems awfully funny that Petr Rian is down for all the other domains, but the one that sorts out the money-making deals has the world's craziest actor as the domain contact.
6) On the subject of being John Malkovich, (and with a big chunk of text lifted from Andrew Clover), the same details are used for a group of sites at Eltel, a Russian ISP, including one site that redirects the user to browser exploits at paradise-dialer.com, which load trojans, spyware and dialers. Paradise-dialer's whois places it as part of the CWS group known as Dimpy, aka BigBuks. Since the BigBuks whois is also given by mix-click, referred to by the yapbrowser/yapsearch whois, and the aforementioned servers at Pilosoft and Eltel (as well as the paradise-dialer server also at Pilosoft just a few IP addresses away) run many other sites that link back to browser exploits and child porn promotions run by BigBuks, it seems reasonable to assume that they are the same group of people.
So, is this you or not? And if not, how come the contact details are the same?
7) As has already been mentioned by others, how come you are mentioned in a Russian document taken from an exploit site?
That's about everything I have to ask for now, and I'll be eagerly awaiting your response.
/ Update - The Yapbrowser people have replied over at Revenews.
And, also at Revenews, I predict a riot in the form of some translated Russian from a Yapbrowser guy.
Monday, April 17, 2006
Yapbrowser: serves up Zango and...child porn?
Labels: The Big Ones, Yapbrowser, Zango
Looks like another bad day for 180 Solutions.
After Mike Burgess highlighted a new install doing the rounds, some of us in the security community have been playing with it and the results are pretty shocking, in an "oh no not again" kind of way.
Andrew Clover has a rather interesting runthrough here, and you can read my thoughts on the app below. It once again goes to show the hopelessness of trying to maintain affiliate networks where software installs are concerned, and (sadly) will come as no great surprise that someone is gaming the Adware system. For the billionth time.
Andrew has also put a short movie file together, where you can see exactly what Yapbrowser does. Of course, he's obscured the illegal images, and you'll need to download this Codec to view the movie.
Wait, did I say illegal images?
That's right, because we're going to look at a browser search tool, which installs Zango (180 Solutions) software, discloses it, doesn't try to install via a hijack but....and I quote Andrew:
Type a URL into the address bar at the top- any URL, or anything at all, or nothing - and the browser sends you straight to an advert page. An advert page for hardcore child porn sites.
Whoops.
Yapbrowser comes in two different flavours - Adult (complete with the Latin text left over from whatever template they used), and Regular. Regardless of which one you download, they both seem to (not) work equally badly. In fact, the "adult" version doesn't actually work at all, because the download link is bogus. And don't add in what you would imagine the download url to be - you'll be redirected to the UA porn site in the screenshot. Minus the blanked out images.
Another quote from Andrew at this point:
The whois information for yapcash.com, the affiliate scheme for the yapsearch.com site, is given as "John Malkovich" - obviously fake, but with a probably-not-fake e-mail address at yahoo. The same details are used for a group of sites at Eltel, a Russian ISP, including one site that redirects the user to browser exploits at paradise-dialer.com, which load trojans, spyware (via the CWS Cactus group) and dialers (from PremiumBilling, aka Coulomb).
A reputable bunch of people, there! Thank God for being able to weed out the bad actors. I'd hate to think that anyone could've discovered this thing serves up child porn by, you know, running the bugger in a Q&A department. It's not like it's a hidden Easter egg, for God's sake - you come across it by using the primary function of the browsing applicaton. You know, the big, green "Go" button.
Oh well.
There are also some earlier mentions of this thing here, April 7th. Numerous CWS groups are listed, from a document found on a hijack site:
We uncovered a document in Russian at instme.biz and just last Friday at highconvert.com we snagged an updated copy of how they operated in Russian:
...it refers to the yapsearch.com which also includes the yapbrowser.com which they bill it as safe:
"..There is a 100% guarantee no system infection will occur when using our software. YapBrowser is the only browser which gives you safe search and browsing capabilities..."
Yes, incredibly safe. Apart from the go-to-jail-inducing child pornography. No shock that Yapbrowser is mentioned in the same breath as numerous exploits, hijacks and keyloggers.
Highlights from the video:
00:19 seconds: Full disclosure of the Zango software about to be installed, with accept / decline options.
00:23 seconds: The Zango software begins to download onto the PC.
00:46 seconds: Yet another notification, this time from the Yapbrowser application, stating that it doesn't contain anything harmful(!) such as "Bookmarks", "Grecian Horses" and the like. Phew, that's a relief.
1:11 minutes: He clicks the green "go" button, and....child porn! Not just any old UA porn, mind you, but the stuff you have to pay for. $79 for a month, no less.
1:31 minutes: He does a search for the word "Spam" in the Yapbrowser search bar, and the screen goes blank.
1:46 minutes: He types in Microsoft.com, hits the "go" button, and....more child porn!
The slogan for Yapbrowser is "Don't waste your time".
How appropriate.
And, once again, we find a major Adware distributor caught up in the nasty side of the web. This will probably mean another addition to the 180 Solutions in 365 days list. At this rate, Spywarewarrior might have to add a whole new page. As for me, well, 180 already labelled me a wild eyed fanatic (no doubt foaming at the mouth and waving the village idiot bell):
Paperghost and other fanatics, after months and months of saying we don't provide any content in exchange for showing ads, now object to the content we do provide.
...so I'm probably beyond all hope.
However, it's a nice feeling to wake up every morning and know that I've contributed to the general health and wellbeing of our Online world in some small way. I imagine the other "fanatics" feel the same. I can't even begin to get my head around what it must be like, to be contributing to the problem via hopelessly stupid installs like these and seemingly offering up nothing but spin, insults and continued problems galore in return. Sorry guys, but we've heard it all before. This isn't the first screwball install, and it won't be the last, will it?
Stick that in your longtail and smoke it. Oh, and try shutting down Yapbrowser while you're at it. K thx bye.
/ Edit - Just been informed that Techdirt has just picked this up. And of course the ever-rocking Sunbelt guys too. Wayne Porter revisits the ghosts of the past. Meanwhile, Suzi Turner picks up the pieces over at ZDNet and glues them all together. Realtechnews offer up an opinion here.
And the Yapbrowser domains are all down...
