Yapbrowser: Directing you to Illegal Content in One Click or Fewer
Web browsers. They're all around you, on just about every PC on the planet, yet you probably don't stop to think about them too much. Why would you? They're just there, and that's all that matters, like the mouse or the keyboard - tools you just plug in to do something else, without worrying about what they happen to be doing internally. The browser is your gateway to the online world.
We have a voracious appetite for the latest hot new browser, the Firefox killer, the latest features and functionality. We give up our trust to these browsers wholeheartedly; let them save our passwords, keep hold of our browsing habits and much more besides. For all the new features, bells and whistles, there used to be one thing you could guarantee when using a browser - type in a URL, and that's the page you'll see. Right?
Wrong. In April 2006, a new Web browser that came bundled with Zango Adware was launched, to little or no fanfare. Called Yapbrowser, it came with adware but there was no hijack, disclosure was good and you had to go to the Web site to download the software. So far, so good - especially as the browser installed itself with no problems and a minimum of fuss.
Imagine the look on your face then, when you decided to try out Yapbrowser, agreed to the Zango adware, opened the browser and typed in a URL - any URL - and hit the green "Go" button. You were immediately redirected to hard-core child pornography. Regardless of what you typed into the browser, you were taken to go-to-jail-inducing material with no warning.
How many times have you downloaded an application program and installed it without wondering beforehand if it would lead you to illegal porn? Probably never. But with the arrival of Yapbrowser, everything changed. Here was a program that was far worse than any random Myspace phish or random piece of malware that turns off your security settings. You can recover from those.
Imagine running Yapbrowser on your business network, or on your home PC which breaks the day after. You're then faced with the choice of taking it in for repairs or throwing it off a cliff. Think those PC repair guys will believe you? "What's that, a kiddy porn browser?" "Yeah right, mate. Pull the other one. Now wait right there while we call the police..."
More trouble
I don't think anyone had previously considered the humble Web browser as an offensive weapon, but over the course of 2006 everything changed. Alongside Yapbrowser, we had the wonderfully named "Safety Browser" (which installs itself without permission as part of an instant messaging hijack) and Browsezilla (which made secret calls to pornography Web sites). There are probably more still flying under the radar, ready to be discovered in the worst possible circumstances. The question is, what can we do about it?
This is a relatively new area of Web-based depravity, so the oft-repeated advice applies - before downloading it, spend a few minutes Googling the name of any new browser you happen to come across. Considering the kind of trouble you could avoid by doing so, it's well worth the time and effort.
The possibilities for attack are almost endless in this brave new world of malware making. For one thing, you have ease of distribution - it's not as though you have to hack servers and hide your dubious infection files from public view. The nature of a Web browser is that it's universally trusted and geared towards many kinds of distribution, be it viral, word of mouth or flashy ad campaigns. As long as the bad guys can keep the real intent behind their program hidden until the last moment, that's all that matters. Openly pushing it to everyone is no big deal for them.

If the bad guys didn't want to go down the route of incendiary illegal content redirection, Yapbrowser style, they could always take a more subtle approach. How about accepting money for rogue banner ads built into the browser? There are plenty of application programmers out there who would be happy to pay for such a deal. Maybe they could come up with a twisted version of the password storing features so commonplace in modern browsers, where they steal the stored information instead of keeping it safe.
What happened next
Now that I've depressed you with the dismal promise of what could be coming down the pipeline, I'll close this cautionary tale with something approaching a happy ending.
You're probably curious to know what happened to Yapbrowser. Well, within a day of the revelation of what this program did, Zango cut off its distribution with the Russian-based application program. Shortly after that, the company behind it collapsed, the browser itself was killed off and the site hosting the images that caused all the fury was finally taken off-line.
A few months later, Yapbrowser returned with the bizarre claim that it could guarantee 100% "that no malicious system infection will occur when using the software". At least the connection to the dubious pornography Web sites was severed.
The browser was bought out by search portal SearchWebme, which intended to add a little respectability to what must be the most unfortunate Web browser ever. Sadly, things don't appear to have worked out quite as the creators of Yapbrowser would have liked. I recently saw the Yap domain on sale for the low, low price of... ten thousand dollars.
***
Christopher Boyd, Director of Malware Research, FaceTime Communications, contributed this article. Our thanks go to him.
FaceTime Communications are exhibiting at Infosecurity Europe 2007, billed as Europe's largest and most important information security event. Now in its 12th year, the show features a free education programme and over 300 exhibitors. It takes place at the Grand Hall at Olympia, London, from 24 to 26 April 2007.