Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

03:42 AM

The Dark Side of Affiliate Marketing

Sketchy affiliate marketers increasingly act as the mediators between scam artists and spammers

Affiliate marketing has become a popular method for retailers to expand their distribution networks. But affiliates may also help the scammers as well, according to a researcher who will be speaking at the Black Hat USA conference this week.

Click here for more of Dark Reading's Black Hat articles.

Unethical affiliates are at the root of an inordinate number of ills perpetuated by the Internet's criminal element, acting as facilitators for scam companies selling drug knock-offs and botherders who bombard consumers with spam, according to Bradley Anstis, vice president of technical strategy for M86 Security.

Putting the screws to sketchy affiliate marketers may be one of the most effective means for fighting spam and botnets, Anstis says.

"Security research is going after botnet networks, and they're going after all those sorts of aspects of the cybercrime ecosystem. But affiliate programs can also have a pretty interesting effect on cybercrimes," Antsis says. "We're trying to raise awareness and understanding of affiliate programs so that when the researchers come across a dodgy or an iffy affiliate program, they can have some ideas on how to recognize it as such -- and then some ideas and suggestions as how to go after it."

Antsis has spent the last few years studying botnet networks, spammers and crooked "retail" operations. These bad guys are often tied to a smaller number of affiliate marketers who seem to do the logistical marketing management for scammers who don't know how to do it on their own.

"So [scammers] talk to the affiliate program, and the affiliate program is kind of the go-between organization, a middle-man between the spammers and the actual merchants," Anstis says.

Affiliate programs will design website templates for to hook customers after they click on an enticing spam message or online ad, Antsis explains. Scammers often pay big bucks to run advertising campaigns -- just like any legitimate marketer -- and the affiliate may even handle the order-fulfillment process. For their trouble, affiliates usually get a cut of the sales they generate.

Depending on the clients they represent and how legitimate their product claims are, these spam-happy affiliates sometimes operate just within the bounds of the law.

And sometimes they don't. Within the last few months, the FTC has been working on a multi-state lawsuit sting to punish a cluster of affiliates responsible for the ever-present 'belly fat ads' that have plagued the Internet for the better part of a year now. While the ad and general marketing scheme they use is the same, affiliates crib from one another to save on overhead, Anstis says. They also are pitching a wide range of other scam products, including acai-berry supplements as a diet miracle.

The FTC intervened because the affiliates involved were linking the ads to fake news sites and fake articles to enhance the sales pitch.

"Both the merchant and the affiliate can make money. Here's the problem," Steve Wernikoff, an FTC attorney, told the media in April when the FTC filed 10 lawsuits against affiliates and other firms mixed up in the acai-berry scam. "Sometime affiliates are willing to cross the line to generate the sale."

While the FTC is making some noise, there are many affiliates that get away with their exploits, Anstis observes. The security research community might be able to help -- Anstis points to the shutdown of the notorious affiliate Spamit last year due to negative pressure from a variety of security outfits and other interested people. He hopes security professionals can keep up the pressure.

"The piece that really nailed it for us was the closure of Spamit last year, in which we saw the volume of spam plummet overnight," Anstis says. "Rustock just went completely dead, and those spam volumes haven't recovered to the volumes they were at before. The closure was the single biggest impact on spam volumes in the last four years."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/18/2014 | 7:17:01 AM
re: The Dark Side of Affiliate Marketing
If somebody has to join affiliate marketing, this article has to be read. This would make a clear insight for them about the realities of affiliate marketing. I think this are the things what makes the claims affiliate marketing a scam and feel that itGs not worth the work involved.

Affiliate marketing Enthusiast
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...