Stay far away from YapBrowser

This is a completely worthless and, in fact, potentially dangerous application that pre-installs 180Solutions Zango and does nothing but apparently redirect you to a porn site.  A relationship to child porn is even suggested from posts by Andrew Clover (who calls it the “kidporn browser”) and PaperGhost.

You can see here the URL “microsoft.com” is redirected to this porn page:

Yapbrowser234081231

More worrisome is a Russian document (related to the highconvert gang) that we uncovered on April 4th which suggests that the YapBrowser will be used for some very nasty spyware installs.  You can read the translated document here.

Some snippets:

Since we’ve already developed our own bot system we’ve decided to provide our partners with some convenient tools. We’ve invented Adware system. The idea of this system is to have software that will be installed on user’s PC by our Loader. After being installed on user’s PC this application will do anything necessary to show ads to the user. It can be some console, icons, messages, screen savers, home page replacements and so on. Programmers’ creative minds have no limits J There will be couple of versions of software – simple and aggressive and our partner will be available to choose the most appropriate for them.

 

..Create a mini-browser and install its icon to system tray. Every 10 minutes it will show pop ups (customizable) and if user clicks on tray icon this will invoke our mini-browser. Mini-browser will have a toolbar with a search bar and buttons and links and it will show our web pages. We will implement specific designs for that. (Pop ups and browser itself fits well for showing RRS or dating web sites).

…System messages with any possible content. They are very good to alert the user about some possible threat (virus for example, and it’s very good for advertisement). It’s possible to implement it in a form of “Blue Screen of Death”.  Please think about it and implement anything that is possible.

…Replace 404 error page, home page, search page and local page. Replacement will be done with local html page (local feed). Local pages will be loaded to user’s PC in multiple forms and different designs. They might look like this: www.yapsearch(dot)com

 

…Invisible clickers. Most appropriate for Dating web sites since they pay for every click as well as for RRS. However for this type of application we have to make sure that it doesn’t behave like clicking on all possible URLs but rather imitates the real user. Clicker will work with certain web sites according to the way it was set up.

 

…Replacement for Google, Yahoo, MSN. For example if user goes to Google web site and searches something from there then search results won’t be taken from Google but rather from our RRS. Think of how this can be implemented. This is very common these days so it’s possible to implement it.

 

…Change Security level to… Low (good for installing toolbars, dialers).

 

…This means that admin console [redacted] will provide every advert a link named “Adware Soft”. That’s exactly where new modules will be created. Advert will be able to select what functionality he wants. For instance if somebody doesn’t really want to completely kill user’s machines may choose only one function – replace 404 error messages, home pages and search page or to install our mini-browser only or desktop icons only or all the above.

…This means that admin console [redacted] will provide every advert a link named “Adware Soft”. That’s exactly where new modules will be created. Advert will be able to select what functionality he wants. For instance if somebody doesn’t really want to completely kill user’s machines may choose only one function – replace 404 error messages, home pages and search page or to install our mini-browser only or desktop icons only or all the above.

…Since our AdWare software will be delivered to the end users not only by our system then we must make it customizable for every partner. For example we can create a brand new web site.

 

…On that web side we will offer to adverts our software only and will ask for 30% share in installations. Advert will be able to build .EXE configured in a special way with all functions that he needs. Definitely 30% of his users will see our mini-browser with our content, not his.

 

Just stay the heck away from YapBrowser and Yapsearch(dot)com.  Nothing but bad can come from this.

 

Alex Eckelberry

 

Update:   From VitalSecurity: “Just been informed that Techdirthas just picked this up. …and Wayne Porterrevisits the ghosts of the past.”

Leave a Reply

Your email address will not be published. Required fields are marked *