Blog Post

Notorious ad hijacker spreads to more media, retail sites

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Do publishers have the right to control the ads that appear on their websites? A controversial company doesn’t think so and has been injecting billions of unauthorized ads into websites like AOL (s aol), the BBC and the New York Times (s nyt).

The company, Sambreel Holdings, first made news a year ago for hijacking ads on Google (s goog) and Facebook (s fb). Its aggressive tactics drain revenue from the companies and confuse consumers, many of whom are unaware when Sambreel installs itself on their computer. And now the company is spreading quickly and threatening to cause havoc in the online ad market.

How it works

Sambreel, on the surface, offers programs with names like Page Rage or Drop Down Deals that promise to improve consumers’ web surfing experience by customizing web pages or providing special deals. The real purpose of these programs, however, is to serve as vehicles for injecting adware that replaces publishers’ ads with those served by Sambreel.

The result is that consumers see pages like the ones shown below. In the first example, Sambreel has pushed a premium Louis Vuitton ad further down the New York Times homepage and replaced it with an ad for something called “Pickle.” In the second, a prime CNN ad has been replaced by an ad served by a Sambreel browser extension called BuzzDock (a New York publishing executive showed us the takeover ads in action and supplied the screenshots):

The publishing executive, who did not wish to be identified, said that Sambreel’s activities are rattling the online ad industry. In particular, he said, the injected ads deprive publishers of revenue while also distorting prices. For example, a brand may be pleasantly surprised that a YouTube ad that ordinarily costs $10 a click is now available for $3 (without realizing that Sambreel, not Google, gets the revenue).

New York Times spokesperson, Eileen Murphy, provided the following statement:

“Buzzdock’s adware technology alters the display of pages by inserting advertisements sold by Buzzdock directly onto those pages.  Buzzdock collects all of the revenue from these ads; The Times does not see a dime. This is a fundamentally unfair business practice that is predicated on manipulating the user experience of, and we are exploring how best to bring it to an end.”

How widespread?

The publishing executive claims that Sambreel’s activities are serious enough to have depressed his company’s most recent earnings result. But such claims are hard to verify since it’s not possible to tell how many computers contain the ad-serving software. Sambreel did not respond to requests for comment.

At first glance, it seems unlikely that Sambreel is pervasive enough to affect the ad industry. After all, how many people are going to download junky browser plug-ins? On the other hand, Sambreel’s reported use of underhanded tactics could mean it is indeed widespread.

In a lawsuit filed in September, for instance, rental car company Hertz claims that Sambreel is bundling its adware with Pokemon video games, meaning customers are often unaware the software is even there. The Hertz lawsuit, which accuses Sambreel of injecting competing offers right when a customer makes a reservation, cites Sambreel’s own figure that claim more than 20 million “users” and that its “products generated 158 billion advertising impressions” in the last quarter of 2011.

The allegations that Sambreel uses trickery to invade users’ computers is backed by Ben Edelman, a computer expert at Harvard Business School. Edelman says the adware is coming in through various bundles, including “trinkets” like the programs that promises to let you see “who has viewed you on Facebook.” The end result is the same — the user gets a junky product and adware that makes the computer run slower.

How to stop it?

Sambreel may be disturbing but it’s hardly the first time someone has tried to hijack publishers’ ad revenue. As Edelman points out, it was a decade ago that publishers sued ad nuisance Gator for taking over banner ads (the cases settled out of court).

This time around, people are pointing fingers at not just Sambreel but also at ad exchanges like Rubicon. In general, these exchanges provide a useful service for publishers by finding real-time buyers for unsold ad inventory. But in the case of Sambreel, both Edelman and the publishing source say ad exchanges are turning a blind eye to the company’s unethical practices. Rubicon did not respond to an initial request for comment. (Update: In a Monday email, Rubicon wrote to that it  had previously terminated its relationship with Sambreel).

If the exchanges are complicit, they appear to breaching an ethical duty but not a legal one. That means that the publishers may have no choice but to sue Sambreel — which could prove a tall order.

The adware company has already adopted aggressive legal positions, including suing Facebook for antitrust last spring after the social network said it would ban any users who had Sambreel’s Page Rage on their machines. Facebook has moved to dismiss the suit, calling Sambreel a “parasitic free rider.”

Should publishers decide to join Hertz and sue Sambreel directly, they may have to find a creative way to do so. From a legal perspective, Sambreel is likely to argue that users can do what they like with their own computers — including stripping out ads. Hertz is trying to overcome this by invoking New Jersey business and computer security laws.

Ken Basin, an intellectual property attorney with Greenberg Glusker in LA, says publishers can invoke copyright or their terms of service to counter Sambreel. He also suggests that publishers should appeal the federal government to begin privacy inquiries into Sambreel.

(Image by cristovao via Shutterstock)

13 Responses to “Notorious ad hijacker spreads to more media, retail sites”

  1. The two big issues here:
    1) Lack of clear disclosure to users that this Adware will insert ads everywhere. Instead, these consumers simply think NYTimes or Facebook has a horrible user experience (too many ads, lots of pixels, crappy ads in some cases and slow page load times).
    2) This inventory is represented to buyers on RTB platforms as being on NYTimes and NOT “Sambreel software injecting ads on NYTimes”. So buyers are deceived too. Many would presumably agree they don’t want to buy NYTimes inventory through someone doing this, yet they have no way to distinguish between the two.

  2. Do you know who the biggest distributor of Sambreel products is? It’s CNET.COM — yes, the website which built a reputation on providing clean software for windows users! I discovered this today when I downloaded software from CNET — the CNET “download manager” asked me to install Yontoo “Buzzdock”. I guess CBS Interactive has decided that CNET is on its last legs and it’s time to extract as much revenue as possible out of what remains of its reputation…..

  3. Stephen Simpson

    “Facebook has moved to dismiss the suit, calling Sambreel a “parasitic free rider”

    That’s a fine sentiment, coming from a company whose co-founder gave up his US citizenship and fled to Singapore in order to evade hundreds of millions of dollars in taxes!

    • joe shmo

      and is no longer with the company. are they supposed to base all future positions on what their early employees did. damn you for having me defend fb with that illogical, irrelevant attack.

      • Dictating to their users exactly what they may or may not put on their *own* personal computer is the logical terminus of Facebook’s walled garden strategy.

        Alleged “deceptive downloading” would be bad (I would like to see some actual, you know, evidence, first…not complaints from former MSM oligopolists) but I can imagine more than a few legitimate reasons why users would voluntarily and happily download this or similar products.

        If FB/MSM don’t like it…go behind a paywall and get most of your revenue from circulation – you have *zero* right to try and control my computer (exactly what you accuse Sambreel of doing).

  4. randy2098a

    People are not very observant nor very smart when using computers. Victims can go on for MONTHS using a web browser extension that injects ads into web sites. I fell for it myself for a while —a malicious Chrome extension I had apparently installed.

    Attackers are just adding nodes to the DOM. Web developers outside the U.S. can find where the attackers live and poison them. The spammers will suffer debilitating ailments, the causes of which they will be frustratingly unable to fathom, and eventually die off. Meanwhile, those of us subject to U.S. laws on the other hand must find creative ways to control our DOMs.