Spider.io, a firm born out of Imperial College London, specializes in distinguishing between legitimate human web interaction and others – the latter "often by automated or systematic visitors and also often, in the case of online advertising, as a result of deviant publisher activity."
Earlier this year it exposed the Chameleon click fraud botnet that it estimated was costing advertisers at least $6.2 million every month. Now it has revealed that Sambreel, a firm that became infamous for injecting ads into Facebook and Google webpages, has returned and is injecting ads into YouTube pages.
During the first iteration, Facebook blocked Sambreel, and Sambreel sued Facebook – but in November 2012 a San Diego district judge threw out its case: a website has the right to exclude users if they install a program that alters the look of the website and swaps out its own ads. Following this ruling Sambreel went quiet and people thought it 'was gone.'
But now Spider.io has revealed they're back, this time focusing on YouTube. It is contrary to the YouTube terms and conditions to download rather than stream the videos – but many users still like to do so. Searching for 'video downloader', such users might find plugins called Easy YouTube Video Downloader and Best Video Downloader from Yontoo and Alactro (both subsidiaries of Sambreel).
Ostensibly, these plugins allow YouTube videos to be downloaded. But, says Spider.io, "When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages."
The process works by injecting iFrames into the page viewed by the user. The iFrames are ad slots that are managed and sold ultimately by Sambreel (via various subsidiary organizations). "Each ad slot," says Spider.io, "is reloaded every 120 seconds."
The scale of the plug-in operation is surprising, with the researchers identifying more than 3.5 million installations of Sambreel's YouTube focused plug-ins. They analyzed close to 1 billion video ad-slots sold through non-Google video ad exchanges ,and found that just over 15% came via Sambreel.
Needless to say, malvertisers are also taking advantage of the opportunities. By buying ad slots from Sambreel rather than Google, they can by-pass Google's quality control procedures. Malicious adverts injected via Sambreel can direct users to malicious sites. One example given by Spider.io shows an 'out of date' Java warning – but if the user accepts the request to update, he is redirected to a malicious site masquerading as the Java update site.
Exposed by Spider.io, Sambreel now seems to have gone away again. Wired "tried to speak to someone at Sambreel, contacting founder Arie Trouw via LinkedIn and through the company's website. Trouw did not respond and has since changed his job title on LinkedIn to 'CEO/Founder at Webble.'" The two named plug-ins have also been removed from their download pages.