YouTube has been hijacked.
After victimizing Facebook and The New York Times last year, a notorious ad fraud perpetrator, Sambreel, has returned. Like a back from the dead horror movie villain, Sambreel has come back using a bunch of alternate company names to dupe Web users into installing plug ins on their computers that deliver ads on YouTube—without YouTube’s knowledge or permission.
That’s according to the latest bombshell report from Spider.io, the British research firm that helped identify an infamous botnet earlier this year.
Here’s how it works: Users who want to download YouTube videos to their desktops conduct searches such as “Download YouTube videos." Technically, this is against YouTube's terms of service; but if consumers chose to go forward with these searches are likely to encounter a pair of downloadable plug ins from Sambreel: Easy YouTube Video Downloader plugin and Best Video Downloader.
Once users download these plugins, upon their next visit to YouTube, Sambreel starts serving its own ads on YouTube.com—without YouTube’s knowledge (Click here to see a bunch of examples). Some of these ads take the form of ‘extra’ display ads shoved onto the YouTube homepage—sometimes right on top of YouTube’s own paying advertisers’ ads. Some of the ads are designed to look like legitimate prompts urging users to update their software.
Others are video ads shoved into YouTube’s white space but made to look as though they belong on the site.
Among the brands victimized are Amazon, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union, per Spider’s report.
Sambreel got nailed earlier this year pulling the same kind of tricks on both Facebook and The New York Times. Once the company was exposed, it was kicked out of various ad exchanges. But per Spider, Sambreel is back, this time using the aliases Yontoo, Alactro and AdMatter. The company takes elaborate steps to disguise its involvement with the deliver of these ads, according to Spider CEO Douglas de Jager, including listing its inventory as coming from “YouTube” in various exchanges, and delivering the ads through domains like jeetyetmedia.com, pluralmediallc.com and redfordmediallc.com. These domains are registered to Sambreel founder Arie Trouw, says Spider.
“They create these shell companies,” said de Jaeger. One company is behind these plugins. Then they sell the inventory via a different shell company. They never list themselves. Then they introduce all these layers. And people think they are buying YouTube on exchanges.
YouTube is taking this seriously. The company is in a tough spot, since it can’t actually see what Sambreel is doing to its site, and can’t completely monitor all the ad exchanges claiming to sell YouTube inventory. Spider has found 3.5 million installations of Sambreel’s YouTube-focused adware plugins; the company says at one point Sambreel was driving as much as 15 percent of inventory on some exchanges.
Said a Google spokesperson: “Applications that change users’ experiences in unexpected ways and provide no value to publishers are bad for users and bad for the Web. We’re continuing to look into these types of bad actors and have banned them from using Google’s monetization and marketing tools."
What can YouTube do? It’s not clear. de Jager says he’s not even sure if Sambreel’s actions are illegal. It’s illegitimate. It’s predatory…They control the users desktop. But I don’t know where law stands.”