Firm found using browser plugins to inject unauthorized ads on YouTube
Posted on 16 August 2013.
Sambreel, a California-based firm that nearly two years ago has been found using browser plugins to deliver ads by injecting them into Facebook and Google pages, is up to its old tricks.


At the time, the two plugins were named PageRage and BuzzDock, today it's Easy YouTube Video Downloader and Best Video Downloader which, according to the researchers from UK-based Spider.io, are part of a software browser tool suite provided by two subsidiaries of Sambreel.

"When a user who has installed these plugins visits youtube.com multiple display ad slots are injected across the YouTube homepage, channel pages, video pages and search results pages," the researchers noted. "These display ad slots are being bought today by premium advertisers like Amazon Local, American Airlines, AT&T, BlackBerry, Cadillac, Domino’s, Ford, Kellogg’s, Marriott, Norton, Toyota, Sprint, Walgreens and Western Union."

The company obviously earns by offering such ad placement to ad exchanges or directly to companies looking for more exposure, but the problem is that anyone can buy ad space from Sambreel, and it just so happens that malware peddlers also do.

In one example, the injected ad sports a fake alert saying that the user should do well to update their Java, but clicking on the "OK" button will take them to a third-party disreputable site.

"This sort of malvertising would be unlikely to impact YouTube users without Sambreel’s involvement. Google has strict ad-quality processes, and Sambreel’s plugins bypass these," the researchers explained. So, not only does the company hurt legitimate advertisers, but random users as well.

According to BBC News, one of the Sambreel subsidiaries stated that the offending browser plugins have been discontinued, but that seems to have happened only after the researchers made the company's actions public.

A Google spokeswoman said that the company is aware of "bad actors" such as this one and has banned all of them from using Google's monetization and marketing tools.

According to Spider.io, some 3.5 million people installed one of Sambreel’s YouTube-focused adware plugins before this, and they have surely pulled in some serious money.









Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //