Update: ‘Yapbrowser’ raises security concerns

A Web browser originating in Russia is available for download again after it was taken down last month when security analysts found it directed users to child pornography.

The Yapbrowser instantly raised concern when it was noticed in April, said Chris Boyd, security research manager for FaceTime Communications. Typing any search or URL (uniform resource locator) into the browser led users to Web sites containing child pornography.

Under pressure from security researchers, the software’s creators took the browser offline about a month ago. But the Yapbrowser has now appeared on a new download site, according to a security blog run by FaceTime.

Security researchers say it falls into the category of rogue browsers, which take users to ads or other content that they don’t ask to see. It was originally hosted on a server in Russia that also hosted “hijack” sites, such as search engines that flood computers with adware, Boyd said. Users were lured to the site through unsolicited e-mail.

The new version of the Yapbrowser doesn’t work properly, throwing up a 404 error page when a URL is entered, according to Boyd.

“We’ll be keeping an eye on it just to see what happens,” Boyd said. “For the moment they’ve relaunched, but it doesn’t actually function, which seems a bit pointless.”

Security researchers advised users to not download the browser, despite tortured English claims on the site that say “Your computer will be free from viruses breeding online.”

The Yapbrowser at one time was also bundled with Zango, software from 180solutions Inc., based in Bellevue, Washington, that delivers ads based on searches. 180solutions has come under frequent fire for promoting programs that installed unwanted adware and spyware with little or no user consent.

Adware, the term for software that delivers advertisements, and spyware programs, which can record what Web sites a person visits and send the information to a marketer, can slow down computers and be difficult to remove.

Steve Stratz, public relations director for 180solutions, said the software bundle with the Yapbrowser was never publicly available. However, at least one copy of the bundle was obtained and eventually looked at by security experts, Stratz said.

The bundle was still being tested when 180solutions severed its arrangement after the Yapbrowser’s link to child pornography became known, Stratz said. 180solutions, he said, will not have any further business with Yapbrowser.

Yapbrowser officials acknowledge that 180solutions had nothing to do with the link to the pornography, and the problem was with their own hosting service, Stratz said. 180solutions contacted the U.S. Federal Bureau of Investigation.

“That is obviously the worst of the worst of the Web,” he said.

180solutions was the target of a complaint filed earlier this year with the U.S. Federal Trade Commission by the Center for Democracy and Technology (CDT), a Washington, D.C., nonprofit group. The CDT alleged the company used deceptive practices to get users to download software.

Boyd and other security analysts corresponded with Yapbrowser’s Russian creators, who eventually withdrew the product, saying they were “shocked” by the content it fetched.