According to Boyd, who was speaking at the Virus Bulletin conference in Barcelona last week, these rogue browsers, often imitate the real thing, use similar logos to legit browsers, and claim to be incredibly secure, offer lots of features and functionality.
“Typically it's all lies, and they're dropping rootkits, hijacking your desktop or clicking invisible links out of view from the person using it”, he said, adding that, in his humble opinion, the worst of these browsers was something called YapBrowser that appeared in 2006 and downloads, installs and runs just like any regular browser.
Although it bundled with Zango adware, Boyd said that no hijacks were involved and you had the option to back out.
“Running the browser didn't raise any alarm bells – until you typed in a web address.... any web address.... and found yourself redirected to places you'd rather not go”, he explained in his latest security posting.
Redirecting users to content that could send them to jail, he noted, wasn't the best way to promote their browser, and it was quickly pulled.
But shortly after the browser vanished, it reappeared for a few more weeks claiming 'full protection from virus attacks'. That didn't last long, and YapBrowser was finally buried in late 2006 after being acquired by a company called SearchWebMe. The browser was gone forever, and the site was basically dead-on-arrival.
Until this month. It appears that the rogue browser reappeared some time in February of this year, although the site is now dead again.
Currently, said Boyd, YapBrowser is registered to what looks like a company registered in the UK. The name of the URL listed as the contact email address, he added, differs from SearchWebMe, which originally bought the site/program back in 2006, but it's possible they're one and the same.
“Seeing this site lurch back into life, looking identical to how it did back in 2006 and with the browser download following close behind is quite a shock. I imagine anyone else who researched this one will be feeling much the same, and given the history of this program coupled with the (still) nonsensical claims of security and virus evasion it would be quite the leap of faith to want to download and use this program”, he said.
“We'll be keeping a close eye on this one, and if the program starts to do anything beyond point at the parked domain we'll publish an update. For now? Our advice would be to stick with another browser”, he added.