August 14, 2013
Illegal Ads And Adware Rampant On YouTube
Michael Harper for redOrbit.com - Your Universe Online
Downloading videos from YouTube is generally frowned upon but, like many things on the Internet, where there’s a Google there’s a way. So, when users search for a YouTube video downloader, they are likely to find a plug-in that can suit their needs.
Web security firm spider.io, however, has found that one company is disguising one such plugin to deliver ads to users; ads that YouTube wasn’t paid for hosting. The plug-ins, called Best Video Downloader and Easy YouTube Downloader operated more like adware and have since been removed following Spider.io’s report, according to the BBC.
What’s more, the company behind the downloaders, Sambreel, has had run-ins with both Google and Facebook in the past concerning similar ad-hijacking practices. Though many of the ads displayed through Sambreel’s adware were of the common Internet variety — tips to cut down belly fat, ways to save on auto insurance and where to buy the cheapest iPads — they were also able to attract premium advertisers such as AT&T and Toyota.
“We weren’t looking for Sambreel,” Douglas de Jager, spider.io’s founder,said in a statement to Forbes.
Once one of these downloader plug-ins was installed on a user’s computer, the adware would lay dormant until the user visited a YouTube page. The software would then leap into action, taking over elements of the page and inserting its own ads in the sidebar or below the video.
Understandably, Sambreel went through great lengths to conceal its name during the scam, filtering all of its ads through smaller properties with different names. According to spider.io, it wasn’t just small and large advertisers buying what they thought to be lucrative YouTube space from Sambreel’s entities; Malvertisers, or advertisers who push malicious software through embedded links, also purchased ad space here. In one example, the user would see an alert that would tell him/her to download a Java update before seeing a video; clicking the link would, of course, download malware to the user's machine.
Forbes set out to independently confirm spider.io’s findings and catch Sambreel in the act by downloading the plug-ins on a clean and secure computer. Yet when they began searching for the downloaders, they found they had been pulled from the Internet. Forbes then reached out to Sambreel for comment but was met with no reply.
In his interview with Forbes, de Jager said he believes some of the advertisers whose promotions showed up in these ads weren’t wise to what was going on, mostly due to the nature of Internet ad sales.
“The networks involved are high profile exchanges and ad networks,” he said. “I think for the most part, people are buying this inventory unawares (sic).”
In 2011 Sambreel was found to be running a similar scheme with Google searches and Facebook pages. Any money advertisers paid for the promotional content ended in Sambreel’s pockets, leaving both Google and Facebook without a dime. Sambreel infiltrated Facebook through software called PageRage, software that allowed users to dress up their pages with animations and cartoons.
The social network sent Sambreel a cease and desist notice, saying its adware violated the social network's advertising guidelines. Sambreel responded by saying it had no “contractual relationship with Facebook” and therefore was not bound to the company's policies. Facebook later blocked any browser running Sambreel’s adware. Sambreel then filed a lawsuit against Facebook for monopolistic practices, a case that was thrown out of court.