- YAPBrowser- Questions & E-mail Interview
I received confirmation via the "Yap Browser" people who stated they would work on answering questions for next week. The YapBrowser's questions were written in English and then translated into Russian (Thanks Anna and thanks Joe!) and urged to reply in Russian- their native laungage. As soon as I have their answers I will have them translated, once again, by two different teams and post the Russian answer document as well. All will be followed per the rules of engagement.
Wayne Porter's E-mail Interview: Questions to Yap Browser:
1. So that it is clear what is the name of the entity or company that develops and operates YapBrowser?
2. Are YapBrowser and YapSearch.com controlled and / or operated by the same entity or otherwise related?
3. For the purpose of general information background and mutual understanding, can you describe the business that you conduct on the Internet?
4. How long has YapBrowser been available for end-users to download from the Internet?
5. Aside from working with 180solutions can you cite, as trade references, any other businesses or advertisers that you work with, have worked with in the past or those who have expressed interest in working with you in the future?
6. How long has YapBrowser bundled the 180solutions product- Zango?
7. How were you not aware over that period of time that your application / sites were redirecting to the offensive material?
8. How rigorous was 180Solutions / Zango in terms of checking your application
before they agreed to have their software bundled with the YapBrowser application?
9. Did 180solutions test the software prior to your agreement to bundle Zango?
If so, can you describe the process that was involved?
10. Did they test your application after it launched with the
Zango product bundled?
11. Have you received payment from 180Solutions for the
Zango downloads you delivered?
12. Your sites were hosted on a server that also hosted
known hijack sites and sites related to other allegedly illegal practices.
Specific examples would include instme. biz and nstallme. info.
At the time of my testing there were only six other sites residing on this server besides yours,
and approximately 60 + sites on a related IP address. Again, many of which were highly dubious
and well known to the security community.
Given the current state of Russian webmaster forums, where whole sections are
devoted to "rogue" sites and installers, as well as the widespread coverage of these
groups by Western security companies, how is that you were not aware of the
practices of your neighbours on this server?
13. How is it that you were not aware your chosen server host
were well known and documented for hosting such sites and material?
14. To quote from your exchange with Paperghost at VitalSecurity.org:
Paperghost: The same details are used for a group of sites at Eltel, a Russian ISP,
including one site that redirects the user to browser exploits at paradise-dialer.com,
which load trojans, spyware and dialers. Paradise-dialer's whois places it as part of
the CWS group known as Dimpy, aka BigBuks. Since the BigBuks whois is also given
by mix-click, referred to by the yapbrowser/yapsearch whois, and the aforementioned
servers at Pilosoft and Eltel (as well as the paradise-dialer server also at Pilosoft just a
few IP addresses away) run many other sites that link back to browser exploits and
child porn promotions run by BigBuks, it seems reasonable to assume that they are
the same group of people.
So, is this you or not? And if not, how come the contact details are the same?
YapBrowser: We now try to find people which are involved in
an illegal site. They had some attitude to domain names, but not to our activity. Similar
these people are engaged in distribution illegal content and in parallel contain a server
for this purpose. We have chosen a unsuccessful place of accommodation of the
projects in a network.
Given your statements and acknowledgement of illegal content distribution,
presumably you have accurate details of who you did business with for hosting.
This would include business names, individual names, addresses, phone-numbers, etc.
You appear to claim to have been victimized by a supposedly legitimate business entity,
are you willing to serve the public interest by making this information
available in this interview?
If so, please provide details. If not, why not?
15. It was been brought to my attention that:
A representative of YapBrowser is John Helbert, as seen here:
A connection has been made between this person and an individual called “Klass” a member of a “Lolita / CP” board called “Dark Master”. (Matching ICQ numbers, etc). More on this connection can be seen here:
What is your response to this connection between YapBrowser and the “Dark Master” forums?
16. Ben Edelman provides video evidence of the dubious activities of an outfit
called HighConvert working with a number of adware companies. See video: http://www.benedelman.org/scripts/video/?v=highconvert-081505
this operation appears to be related to a document uncovered and transcribed from Russian
into English by Sunbelt Software in early April. The YapSearch domain is cited in this document.
Reference English translation of document here: Sunbelt Translation Document.
The document outlines plans for “invisible clickers”, lowering of browser’s security settings,
utilizing “Blue Screen of Death” for trick ads, and the changing of 404 error pages among
other dubious practices. How do you explain this reference to YapSearch?
17. Did YapSearch or YapBrowser ever deploy any of the
tactics outlined in this document?
18. Given the current state of affairs what is the future for YapBrowser-
do you still intend to distribute this application?