Software that hijacks visits to YouTube uncovered

Online investigators have uncovered a new type of software that is hijacking web users' visits to the YouTube website and inserting an extra layer of adverts - some of which load malicious programmes on to the users' computers.

The discovery provides further evidence of the growth of digital advertising fraud, which is estimated to cost technology and advertising companies billions of dollars a year. While previous schemes primarily targeted search engines and display ads, the latest examples are aimed at the fast-growing and lucrative market for online video advertising.

With names such as Easy YouTube Video Downloader and Best Video Downloader, the new software products offer users the chance to download and save videos from Google's YouTube, rather than stream the videos directly from the site.

But once users install the software - which takes the form of a browser plug-in - extra ads start to appear when they later visit YouTube, according to Spider.io, a London-based start-up that tracks digital advertising fraud.

When visiting YouTube via a standard web browser, users will typically only see a short video commercial before the video they want to watch is played, and a display ad on the right hand side of the page. Spider.io found that with the Easy YouTube Video Downloader or Best Video Downloader plug-in installed, extra ads and video ads appear along the border of the page.

In addition, Spider.io discovered that some of the injected ads were so-called "malvertisements", which direct users to external websites that can install viruses or other harmful programs on the user's computer.

Revenues from these extra ads go to the companies behind the software, not to YouTube.

A Google spokeswoman said the software violated YouTube's terms of service, which bar the downloading or copying of YouTube videos.

"Applications that change users' experiences in unexpected ways and provide no value to publishers are bad for users and bad for the web," she said. "We're continuing to look into these types of bad actors and have banned them from using Google's monetisation and marketing tools."

Both of the YouTube browser plug-ins identified by Spider.io are operated by groups previously identified as subsidiaries of Sambreel, a company based in Carlsbad, California. Users of the software are alerted that it is free to use and supported by additional advertising.

Neither Sambreel nor the companies behind Easy YouTube Video Downloader or Best Video Downloader responded to requests for comment. After being contacted by the FT, the software was withdrawn.

Ακολουθήστε το Euro2day.gr στο Google News!Παρακολουθήστε τις εξελίξεις με την υπογραφη εγκυρότητας του Euro2day.gr

FOLLOW USΑκολουθήστε τη σελίδα του Euro2day.gr στο Linkedin

In recent years, subsidiaries of Sambreel produced software that served extra ads, or concealed existing ads, on Facebook, Google and other sites.

However, Facebook later blocked its users from using Sambreel software, and several online advertising companies stopped working with the company following complaints from website owners.

This targeting of YouTube users comes as the digital advertising industry attempts to combat a proliferation of other schemes that aim to exploit web users and eat into the global advertising industry's $116bn of global annual ad revenues.

In separate incidents, fraudsters have hacked into personal computers to create "botnets" that can impersonate genuine web users and generate fake advertising views - which companies pay to attract. But as quickly as companies detect and prevent one scheme, a new one typically emerges, according to industry executives.

"Why can't we stop these guys? They are very smart," said Penry Price, president of digital ad tech firm Media6Degrees and leader of an industry task force on digital ad fraud. "As soon as we find a solution, they reverse engineer it."

© The Financial Times Limited 2013. All rights reserved.
FT and Financial Times are trademarks of the Financial Times Ltd.
Not to be redistributed, copied or modified in any way.
Euro2day.gr is solely responsible for providing this translation and the Financial Times Limited does not accept any liability for the accuracy or quality of the translation