Privacy Issues: May 2006 Archives

No, not Teri Hatcher firing out hundreds of emails about the latest crazy goings-on in her street, but rather an individual by the name of "Gena Elmore" trying to scare people and failing miserably. As you can see here, the bad guys are becoming increasingly rattled by the steps taken to shut them down, drown them out and make them play fair. I'm not sure if anyone fell for their bullish tactics...have a look and see what you think.

By the way, I'd point you to the Blue Security blog, but it's currently down because of DoS attacks...!

PREFACE

I have now received the response's from Yap Browser. Special thanks to Anna of Sunbelt and Joeseph of Facetime for taking out time to provide translation services. The controversy all started when some researchers downloaded the Yap Browser which was bundled with 180 Solutions- Zango product, and the browser was serving up what appeared to be UA Porn (Under Age Porn).

For our Russian speaking readers I have uploaded the interview questions and answers in Russian.

Porter's Interview Questions in Russian

"John Sandy": YapBrowser's Response to Interview in Russian


Per the rules of engagement I will refrain from comments here. However trackbacks are on, if your trackback does not show up please e-mail me and I will put up a summary. On to the interview...

Wayne Porter's E-mail Interview: Questions to Yap Browser:

Porter:. So that it is clear what is the name of the entity or company that develops and operates YapBrowser?

Yap's Response: Enigma Global Inc.

Porter:. Are YapBrowser and YapSearch.com controlled and / or operated by the same entity or otherwise related?

Yap's Response: Yapbrowser.com- is a website of our program called yapbrowser, where users can download our program and read its description. Yapsearch.com ? is a website that is supposed to be reflected within the yapbrowser.com. Also, yapsearch.com is a search engine ( but at this moment not functioning, since we have not selected a non-free search system, which feed could have been used to do searches. At that moment there was only a design form/template on the website.)

Porter: For the purpose of general information background and mutual understanding, can you describe the business that you conduct on the Internet?

Yap's Response: We were planning to open a partner program [[translation: partnering meaning bundling here]] and pay our partners for installations of our yapbrower. The installation of the program was supposed to be sponsored by zango. That is, every partner could register into our bundle and create a link to our program at their website. Before that, we would have to check the website content ( if it breaks any rules i.e. is not illegal) and then allow them to proceed.

Porter: How long has YapBrowser been available for end-users to download from the Internet?

Yap's Response:We came up with the idea of Yapbrowser about half a year ago. Before that, we were trying to come up with what would be the best to be downloaded by users, and chose yapbrowser. Yapbrowser was never made available for end-user. Only some people knew about our program ( programmers, designers, zango etc.) At the time when the problem was discovered, our program was still in development, and wasn?t launched yet. There was no traffic on the websites.

Porter: Aside from working with 180solutions can you cite, as trade references, any other businesses or advertisers that you work with, have worked with in the past or those who have expressed interest in working with you in the future?

Yap's Response: We haven?t even had a chance to buy advertisement spots for our project, let alone launching it for testing. Therefore, we didn?t have any partners. At that time we collaborated only with zango. After the testing we would have started with advertisement on internet forums. Later the new partner would be appearing.

Porter:. How long has YapBrowser bundled the 180solutions product- Zango?

Yap's Response: We bundled our programs recently. Since zango was going through certification (or something of that kind) we had to wait for quite some time. I think the bundling happened about a month or two ago.

Porter: How were you not aware over that period of time that your application / sites were redirecting to the offensive material?

Yap's Response: First of all, I wasn?t paying much attention to yapsearch.com website. To test it, I simply installed the design template with non-working hyperlinks and a search line field. I have no idea that on a non-existing page there might be such content with offensive material. When I was shown an article about our website I was shocked. And, naturally, I realized what happened.

Porter How rigorous was 180Solutions / Zango in terms of checking your application
before they agreed to have their software bundled with the YapBrowser application?

Yap's Response:The testing process was very harsh. First, our program is included into zango installer. We supply some design elements for the program installation, EULA text. The program installation is done with the confirmation of two agreements. Zango?s approach to this issue is very serious; therefore, I do see that they are dependable, and choose them as partners. In this situation there is no zango?s fault. Most likely it is my program?s fault that such mistake was made. And, of course, the real offender is the host company.


Porter: Did 180solutions test the software prior to your agreement to bundle Zango?

If so, can you describe the process that was involved?


Yap's Response: Yes, testing was done a couple of times. I sent the program to zango to be tested. They replied me with the changes that I had to make in the program. That happened a couple of times before we finally had desired results. (But I would like to repeat, that the programs were not launched, the partner-program was still in development)

Porter:Did they test your application after it launched with the Zango product bundled?

Yap's Response: Yes, the testing was done. Maybe, at that time 404 page wasn?t showing any illegal content. I cannot say for sure since I did not check.


Porter: Have you received payment from 180Solutions for the Zango downloads you delivered?

Yap's Response: By that time, no more than 5 downloads of my proglram were made What payments can we talk about?

Porter: Your sites were hosted on a server that also hosted known hijack sites and sites related to other allegedly illegal practices. Specific examples would include instme. biz and nstallme. info.

At the time of my testing there were only six other sites residing on this server besides yours,and approximately 60 + sites on a related IP address. Again, many of which were highly dubious and well known to the security community.

Given the current state of Russian webmaster forums, where whole sections are devoted to "rogue" sites and installers, as well as the widespread coverage of these groups by Western security companies, how is that you were not aware of the practices of your neighbours on this server?

Yap's Response: I had?t even thought that these people could have done this to me. First of all, they were not my permanent web host company. The sites were kept there temporarily, before the launching of the program for the testing purposes by my employees. If I would have launched the program, I would have bought my own server.

At that time it was not worth to maintain an expensive server because this project was taking too much money, which I am very limited with. The websites were kept at that server for free. The person who supplied me with that was contacting with me via icq. Do you need his number?

Of course, after he realized what happened, he dissapeared. He was also registering domain yapcash in his name. And at this time I do not have access to that domain. My thoughts on that, is that these people wanted to use the traffic from my yapbrowser somehow. They probably were somehow related to such hacker sites like instme. biz and nstallme. info. I do not posesss that information.


Porter: How is it that you were not aware your chosen server host were well known and documented for hosting such sites and material?

Yap's Response: This was not my permanent webhost. It was used only for tests ( I repeat). I did not plan to send there traffic from my parner websites, (but I think that?s what the webhost expected, since he let me keep my sites there for free.

Porter: To quote from your exchange with Paperghost at VitalSecurity.org:

VitalSecurity.org

Paperghost: The same details are used for a group of sites at Eltel, a Russian ISP, including one site that redirects the user to browser exploits at paradise-dialer.com,
which load trojans, spyware and dialers. Paradise-dialer's whois places it as part of
the CWS group known as Dimpy, aka BigBuks. Since the BigBuks whois is also given
by mix-click, referred to by the yapbrowser/yapsearch whois, and the aforementioned
servers at Pilosoft and Eltel (as well as the paradise-dialer server also at Pilosoft just a
few IP addresses away) run many other sites that link back to browser exploits and
child porn promotions run by BigBuks, it seems reasonable to assume that they are
the same group of people.

So, is this you or not? And if not, how come the contact details are the same?

YapBrowser: We now try to find people which are involved in an illegal site. They had some attitude to domain names, but not to our activity. Similar these people are engaged in distribution illegal content and in parallel contain a server for this purpose. We have chosen a unsuccessful place of accommodation of the projects in a network.

Given your statements and acknowledgement of illegal content distribution, presumably you have accurate details of who you did business with for hosting. This would include business names, individual names, addresses, phone-numbers, etc.You appear to claim to have been victimized by a supposedly legitimate business entity, are you willing to serve the public interest by making this information available in this interview?

If so, please provide details. If not, why not?

Yap's Response: I do not have any names, phone numbers, addresses etc J I did not work togetherwith them at that level. I have icq number 278-690-157 and nick Androgen, which has been offline for a long time now. You know the IP addresses of the server. My sites were kept on his webhost. You say that the IP addresses match, and that is understandable because my sites were on the same server as the illegal sites, and I did not know about it. FTP access is not working either for a long time now. In the first couple of days I was trying to do something, but then the websites just stopped working. I moved to another webhost. I was defamated on various forums and webhost just deleted my sites.

Porter It was been brought to my attention that:

A representative of YapBrowser is John Helbert, as seen here:

http://sunbeltblog.blogspot.com/2006/04/yapbrowser-getting-yelled-at.html

A connection has been made between this person and an individual called ?Klass? a member of a ?Lolita / CP? board called ?Dark Master?. (Matching ICQ numbers, etc). More on this connection can be seen here:

Sumbelt Haloscan comments

What is your response to this connection between YapBrowser and the ?Dark Master? forums?

Yap's Response: I am not part of the group ?Lolita / CP? under ?Dark Master? name J Dark Master is an old forum, which was closed. Anybody who wanted could register there, and I do not belong to those people, who do illegal projects. Yapbrowser has nothing to do with that forum. There is no factual prove of the relation.

Porter: Ben Edelman provides video evidence of the dubious activities of an outfit
called HighConvert working with a number of adware companies. See video: http://www.benedelman.org/scripts/video/?v=highconvert-081505 this operation appears to be related to a document uncovered and transcribed from Russian into English by Sunbelt Software in early April. The YapSearch domain is cited in this document. Reference English translation of document here: Sunbelt Translation Document.

The document outlines plans for ?invisible clickers?, lowering of browser?s security settings, utilizing ?Blue Screen of Death? for trick ads, and the changing of 404 error pages among other dubious practices. How do you explain this reference to YapSearch?

Yap's Response: Probably, this document was written by a person, who communicated with me at some point, but I do not know who that person is, maybe a programmer. There is an example of the feed design of yapsearch.com in this document. I think that it was written by someone who was in touch with me earlier, because there is a program mentioned there, that is similar to mine, but that one is included in an illegal project. Yapbrowser does not belong to that project (described in the document). And it couldn?t belong because all changes we make in the program, we have to show to zango to be checked.

Porter:. Did YapSearch or YapBrowser ever deploy any of the tactics outlined in this document?

Yap's Response: Of course not. Why are you asking that? Have the program checked by knowlegeble programmers to assure that there are no such functions in my program.

Porter: Given the current state of affairs what is the future for YapBrowser-do you still intend to distribute this application?

Yap's ResponseAt this moment, the development of the program is completely suspended. Bad things are written about us on many websites. I had no idea that I could encounter this problem in the project and understand my mistakes. To show my goodwill, I am ready to donate money for children. All details about the donation you will be able to see on my website yapsearch.com

Closing Comments from Yap Browser's, "John Sandy"

I hope, now things will turn around, and you will finally understand that my project is not involved into any illegal activity. Please, try to distribute this article among all forums and blogs.

Thank you for the interview, hope that you will help me to solve this problem.

End of Interview

About this Archive

This page is a archive of entries in the Privacy Issues category from May 2006.

Privacy Issues: April 2006 is the previous archive.

Privacy Issues: September 2006 is the next archive.

Find recent content on the main index or look in the archives to find all content.