Firm found using browser plugins to inject unauthorized ads on YouTube
Posted on 16 August 2013.
Sambreel, a California-based firm that nearly two years ago has been found using browser plugins to deliver ads by injecting them into Facebook and Google pages, is up to its old tricks.


At the time, the two plugins were named PageRage and BuzzDock, today it's Easy YouTube Video Downloader and Best Video Downloader which, according to the researchers from UK-based Spider.io, are part of a software browser tool suite provided by two subsidiaries of Sambreel.

"When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages," the researchers noted. "These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union."

The company obviously earns by offering such ad placement to ad exchanges or directly to companies looking for more exposure, but the problem is that anyone can buy ad space from Sambreel, and it just so happens that malware peddlers also do.

In one example, the injected ad sports a fake alert saying that the user should do well to update their Java, but clicking on the "OK" button will take them to a third-party disreputable site.

"This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these," the researchers explained. So, not only does the company hurt legitimate advertisers, but random users as well.

According to BBC News, one of the Sambreel subsidiaries stated that the offending browser plugins have been discontinued, but that seems to have happened only after the researchers made the company's actions public.

A Google spokeswoman said that the company is aware of "bad actors" such as this one and has banned all of them from using Google's monetization and marketing tools.

According to Spider.io, some 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before this, and they have surely pulled in some serious money.









Spotlight

Whitepaper: Zero Trust approach to network security

Posted on 20 November 2014.  |  Zero Trust is an alternative security model that addresses the shortcomings of failing perimeter-centric strategies by removing the assumption of trust.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //