Ad hijacker Sambreel.pdf - Google Drive

Ad hijacker Sambreel lives on, injecting ads into YouTube pages

Display ads injected across YouTube

Sambreel, a company that made headlines in 2011 for hijacking ads on Google and Facebook, is still operating under different brand names, according to analytics company Spider.io.

Sambreel Holdings offers consumers programs -- browser plugins like PageRage and BuzzDock -- that promise to improve the web browsing experience by either customising web pages or providing special deals. However, what those users don't know is that the real purpose of the technology is to provide a vehicle for injecting adware onto the page, replacing the publisher's ads with those served by Sambreel. These unauthorised ads siphon off revenue from the content creators -- including the BBC, the New York Times and AOL -- and confuse customers.

Things came to a head between Facebook and Sambreel at the end of 2011. Sambreel had been offering Facebook users a tool to let them change their profile backgrounds and layout. However, it replaced Facebook's own advertising, offering advertisers a low-cost alternative for accessing Facebook's users. It developed enormous scale, and so Facebook started to block its users from using Sambreel's adware browser plugins while accessing Facebook webpages.

Sambreel responded by suing Facebook, saying that it was behaving in an anti-competitive manner. The case was, however, thrown out of court with the judge saying that "there is no fundamental right to use Facebook" and that because Facebook asks users signing up for accounts to comply with the social networking site's terms, "Facebook is within its rights to require that its users disable certain products before using its website".

Sambreel was locked out of ad exchanges including Rubicon Project, PubMatic and OpenX. Spider.io CEO Douglas de Jager told Wired.co.uk: "It took a long time for the exchanges and sell-side platforms to finally drop Sambreel's inventory. But everyone we've spoken to over the last year has talked about them being a scourge across the industry." De Jager said that once it was dropped by the exchanges, the company went very quiet -"everyone thought they were gone".

Despite this, Sambreel has reemerged under a different guise, with two plugins called Easy YouTube Video Downloader and Best Video Downloader. They appear to be provided by companies called Yontoo and Alactro, but these are subsidiaries of Sambreel. The issue first came to light when Spider.io was analysing video ad exchange inventory -looking at just under a billion video ad impressions -- trying to find illegitimate interactions with ads. The company spotted some anomalies and then focused in on Sambreel and its plugins. Within the sample of a billion video ad impressions, they found 3.5 million unique installations of the plugins. Although de Jaeger points out that this is "only a fraction" of total installations. "Sambreel goes out of its way to remove association with anything it does. It creates holding companies -- vehicles to sell their inventory -- and none of them have Sambreel listed as the creator," says Dougles de Jaeger from Spider.io. Whenever a user of these plugins heads over to YouTube.com, they will see multiple display ad slots injected across the site, including the homepage, channel pages, search result pages and video pages.

Malvertising

Spider.io has found that the ad slots are being bought by major brands including American Airlines, Amazon local, AT&T, Ford, Kellogg's and Toyota. The ads are also being bought by "malvertisers" -- those that try to spread malware to new users through misleading ads. In one case, an ad tells the users that they need to update Java. However, if the user clicks the update, he or she is taken to another site where they are told to download an update, when in fact it's a piece of malware. Youtube users wouldn't normally see this sort of malvertising, but Sambreel's plugins bypass Google's strict ad-quality processes. Sambreel's system works by adding iframe elements to webpages. These "ad slots" are then sold through ad networks and display ad exchanges. When the ad slot is passed onto the ad networks, YouTube is listed as the domain, while three organisations called Jeetyet Media, Plural Media and Redford Media show up as supplying the ad slot. These domain names used to be registeredunder the name of Sambreel founder Arie Trouw, but are now protected with whois privacy. With the video ads -- which are typically ten times more expensive than display ads -- it seems that Sambreel has a pretty significant foothold. In some of the smaller exchanges (non-Google exchanges) as many as 15 percent of the ad slots sold to video advertisers were injected by Sambreel into YouTube. This has been possible through a complicated system of advertising inventory arbitrage, where some publishers buy up display advertising slots in bulk and then feed them into video ad exchanges (where advertisers pay a much higher premium), so that videos are placed into them instead of regular display ads. De Jaeger believes that this demonstrates a wider problem with the online advertising industry. Video advertising is generally less transparent than Google Ad Word or display ads in that they are less likely to be direct response. With direct response ads, the expectation is that those ads will result in some sort of action that can be tracked -- a click through to an advertiser's website. That way, the advertiser has metrics it can analyse if anything goes awry. Video ads are generally branding exercises -- the ads are shown to a certain relevant demographic in the hope that they will build a preference for their brand. But there is no direct way of tracking this -- it tends to rely on subsequent offline analysis. "This means it's much less transparent for a video advertiser to know when things are going wrong," says De Jaeger.

However, in the case of Sambreel, the ads are still being seen by people watching videos on YouTube, so it doesn't seem to be as bad for the advertiser as it is for YouTube. But Jaeger says that the injected video ads across the page refresh every two minutes and "the engagement is really low". Sambreel doesn't appear to target YouTube's pre-roll video ad -- although De Jaeger says that it would be possible -- which is where most of the viewer engagement comes from. Nevertheless, Sambreel is providing a service: people do like to download videos, whether or not YouTube does. De Jaeger suggests that had Sambreel simply shown an ad at the point of video download, that would probably be "fine". The problem is the extent to which it disrupts the regular YouTube service. "But the fact that it injects ads freely all over the place means it defintely messes up the user interface," De Jaeger says. Spider.io has a history of exposing advertising fraud. In March Wired.co.uk wrote about the company's discovery of a botnet that was defrauding advertisers of $6 million (£4 million) per month through huge volumes of fake traffic. The Chameleon botnet delivered huge volumes of traffic to a small group of websites, where some nine billion ad impressions were served each month. Each time an ad was "viewed" by the botnet, the advertiser pays and the publisher and the ad network take a small slice.

Wired.co.uk approached Google for an interview about this issue, but a spokesman would only offer this statement: "Applications that are installed without clear disclosure, that are hard to remove and that modify users' experiences in unexpected ways are bad for users and the web as a whole."

We also tried to speak to someone at Sambreel, contacting founder Arie Trouw via LinkedIn and through the company's website. Trouw did not respond and has since changed his job title on LinkedIn to "CEO/Founder at Webble". We did receive a response from Yontoo's nameless customer service saying that the plugins had been discontinued. You can read Spider.io's full analysis of the issue here.

https://goo.gl/gWBsD3 https://goo.gl/EMTUpK https://goo.gl/hUYSgf https://goo.gl/45BbEn https://goo.gl/3E76Cr https://goo.gl/UaXLLS