Jeremy Hulse, APAC vice president of sales for M86 Security, explores the dangers of affiliate programs and actions that can be undertaken to shut down illegal operations. Been spammed before? You’re going to enjoy this.

E-marketing can be an excellent means of communicating with business customers and general consumers in an immediate and economical manner. However, unsolicited bulk spam is both irritating and potentially dangerous.

The Australian Spam Act, which took effect on 11 April 2004, states that it is ‘illegal to send, or cause to be sent, unsolicited commercial electronic messages’. This act covers email, instant messaging, SMS and MMS of a commercial nature. Despite the illegal nature of spam, it is still a widely used practice today.

We have all seen the progress that security vendors and law enforcement have made in the fight against spammers and cybercrime, whether taking down a botnet operation or arresting a cybercrime gang. While this is great progress, we can’t help but think that we are targeting the foot soldiers, the cannon fodder of cybercrime, where it may be more impactful to go after the bigger fish, otherwise known as affiliate programs.

Affiliate marketing is the practice in which a business rewards one or more affiliates for each visitor or customer brought about by the affiliate’s own marketing efforts. Affiliate programs are the financial middlemen between vendors looking to market their products and marketing companies looking to advertise and market products. Legitimate affiliate programs and marketing companies do exist, such as those offered by companies like Amazon, but it can be tough for individuals new to the affiliate marketing game to weed out the good from the bad.

The recently released M86 Security Labs report found that spam volumes were subdued in the first half of 2011. This reflected substantial changes in the underground spamming ecosystem and the elimination of one of the so-called ‘big fish’., an underground affiliate program used by several spamming botnets, shut its doors literally overnight in late September 2010. Subsequently, spam as a percentage of total inbound email dropped from approximately 90% in September 2010 to 77% in June 2011. Although the overall spam volume is much lower than last year, it is growing once again. In the last few months M86 has seen an increasing trend in the Spam Volume Index.

However, the significant drop in spam levels following the shutdown of suggests the increased urgency to target these larger operations. For the duration that M86 has been monitoring spam levels, the closure has had the biggest and longest-lasting effect on spam volumes.

How to go after Affiliate Programs

Any action in the fight against cybercrime is worthwhile, but we always have to be mindful of how effective each action is – is there a more efficient way? Successfully identifying illegitimate affiliate programs is important because closing these down can have a more significant impact on cybercrime and spam levels than individual botnet take-downs.

Once a particular affiliate program has been identified and confirmed as illegitimate, there are several measures that can be taken. First, details should be passed on to security researchers and law enforcement, who can take the necessary actions to shut down the illegal operation.

Also, valuable lessons can be learned from the closure and the impact that public ‘naming and shaming’ can have. M86 and other organisations were regularly blogging about’s activities in public forums and blogs. It is highly likely that the growing negative attention they were receiving online contributed to their decision to cease operation.

As individual consumers we can do our part by demonstrating vigilance and care in our online behaviour. If you come across something online that seems too good to be true, it probably is. You can also gauge by the products and services offered whether an affiliate program is legitimate or not. Where possible, gather the facts and statistics and pass them on to the proper authorities, who can take the relevant actions to reduce cybercrime and spam rates. Targeting affiliate programs has proven to have the most lasting and significant effect; by doing so, spam levels will drop significantly and legitimate e-marketing will gain credibility amongst business customers and consumers.