Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

03:42 AM

The Dark Side of Affiliate Marketing

Sketchy affiliate marketers increasingly act as the mediators between scam artists and spammers

Affiliate marketing has become a popular method for retailers to expand their distribution networks. But affiliates may also help the scammers as well, according to a researcher who will be speaking at the Black Hat USA conference this week.

Click here for more of Dark Reading's Black Hat articles.

Unethical affiliates are at the root of an inordinate number of ills perpetuated by the Internet's criminal element, acting as facilitators for scam companies selling drug knock-offs and botherders who bombard consumers with spam, according to Bradley Anstis, vice president of technical strategy for M86 Security.

Putting the screws to sketchy affiliate marketers may be one of the most effective means for fighting spam and botnets, Anstis says.

"Security research is going after botnet networks, and they're going after all those sorts of aspects of the cybercrime ecosystem. But affiliate programs can also have a pretty interesting effect on cybercrimes," Antsis says. "We're trying to raise awareness and understanding of affiliate programs so that when the researchers come across a dodgy or an iffy affiliate program, they can have some ideas on how to recognize it as such -- and then some ideas and suggestions as how to go after it."

Antsis has spent the last few years studying botnet networks, spammers and crooked "retail" operations. These bad guys are often tied to a smaller number of affiliate marketers who seem to do the logistical marketing management for scammers who don't know how to do it on their own.

"So [scammers] talk to the affiliate program, and the affiliate program is kind of the go-between organization, a middle-man between the spammers and the actual merchants," Anstis says.

Affiliate programs will design website templates for to hook customers after they click on an enticing spam message or online ad, Antsis explains. Scammers often pay big bucks to run advertising campaigns -- just like any legitimate marketer -- and the affiliate may even handle the order-fulfillment process. For their trouble, affiliates usually get a cut of the sales they generate.

Depending on the clients they represent and how legitimate their product claims are, these spam-happy affiliates sometimes operate just within the bounds of the law.

And sometimes they don't. Within the last few months, the FTC has been working on a multi-state lawsuit sting to punish a cluster of affiliates responsible for the ever-present 'belly fat ads' that have plagued the Internet for the better part of a year now. While the ad and general marketing scheme they use is the same, affiliates crib from one another to save on overhead, Anstis says. They also are pitching a wide range of other scam products, including acai-berry supplements as a diet miracle.

The FTC intervened because the affiliates involved were linking the ads to fake news sites and fake articles to enhance the sales pitch.

"Both the merchant and the affiliate can make money. Here's the problem," Steve Wernikoff, an FTC attorney, told the media in April when the FTC filed 10 lawsuits against affiliates and other firms mixed up in the acai-berry scam. "Sometime affiliates are willing to cross the line to generate the sale."

While the FTC is making some noise, there are many affiliates that get away with their exploits, Anstis observes. The security research community might be able to help -- Anstis points to the shutdown of the notorious affiliate Spamit last year due to negative pressure from a variety of security outfits and other interested people. He hopes security professionals can keep up the pressure.

"The piece that really nailed it for us was the closure of Spamit last year, in which we saw the volume of spam plummet overnight," Anstis says. "Rustock just went completely dead, and those spam volumes haven't recovered to the volumes they were at before. The closure was the single biggest impact on spam volumes in the last four years."

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/18/2014 | 7:17:01 AM
re: The Dark Side of Affiliate Marketing
If somebody has to join affiliate marketing, this article has to be read. This would make a clear insight for them about the realities of affiliate marketing. I think this are the things what makes the claims affiliate marketing a scam and feel that itGs not worth the work involved.

Affiliate marketing Enthusiast
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: A GONG is as good as a cyber attack.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-24
Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients. If such a malformed event is accepted into the r...
PUBLISHED: 2020-11-24
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.
PUBLISHED: 2020-11-24
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.
PUBLISHED: 2020-11-24
Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.