I’ve already discussed the accidental downloading of kiddie porn by social engineering and one of the great legal defenses of honeypots is that no one gets there by accident. You simply have to be doing something wrong. I’ll get back to that in a minute, but first a little bit about YapBrowser which is a cross between social Engineering and a seductive honeypot.
Everybody has bitched so much about the insecurity of Windows Internet Explorer that people are trying alternate browsers and Yap Browser has guaranteed to block porn. Soo, knowing that the kids surf the net and wanting to protect them, you install it. The browser has a built in search bar which is built in so there is no need to install Google. Great job, you protected the kids but failed to Google Yap Browser. If you had, you would have realized that this is a state of the art Russian designed, English owned porn browser that no matter what search term you put in after a certain number of uses, it returns kiddie porn. Not so Sweet but very Dangerous Honeypot – the Yap Browser delivering unintentional downloads of kiddie porn.
My tripping into a honey pot is slightly less defensible for an expert. On a lazy Sunday morning, I was cleaning up lose ends related to young-`models.org and decided to visit teens18.biz – I mean there is nothing terribly nasty about the name so I had misjudged it. I thought that it was the sweet alternate side to young-models.org for people who had not yet been tagged. Still, I never enter a site directly anymore.
I went to Alexa.com and it automatically referred me to cute sites designed by cops and lawyers (sliced white bread and vanilla ice cream type guys) and got the same treatment from aboutus.com – I looked up copyright holder and found it was a Danish company which had other sites with less legal crap and less attractive girls. Everybody was over 18, they looked it and birth certificates were available on request.
Feeling very bored and safe, I went directly to teens18.biz to see what was there currently and BAM – I got hit with a shit storm
This crap was nasty and I felt so dirty, all I could force myself to do was to rip the code. Parts are published at tigerstail.wordpress.org
I wanted this shit out of my possession instantly. I mean how could an expert say that they stumbled into the site accidentally because of carelessness. I gave the drive the “Lot’s wife treatment” and almost fucked the whole hood. I put it in a pail, and pored muriatic acid on it and locked the door. When I returned a half hour later there was a cloud of acid fumes, acid mist and I couldn’t breath. I had to get the bucket outside or it would shut down the building and might have been embarassing for me trying to explain a hard drive dissolving in a bucket of acid. Christ, it was damn near as nasty as the site it came from.
This site is definitely not driven by the profit motive – I mean they never asked for a dime for a drive scrubber to remove the nasty pictures; they never asked for a membership fee. All they did was load about 600 pictures from 100 spawned sites onto my machine in 6 minutes before I pulled the plug.
I guess they don’t want me as a repeat customer.