Thousands of tech-savvy Eastern Europeans are earning up to $US4000 ($4600) a day for each spam campaign selling illegal penis pills, fake anti-virus software and counterfeit luxury products.
An investigation by Russian security researcher Dmitry Samosseiko found most spam on email, search engines and social networking sites originates from well-organised Russian affiliate networks - known as "partnerka" - which pay people generous commissions for referring unwitting web users to their illegal products.
"Thousands of affiliates, each calling themselves a 'webmaster', work day and night to drive as much user traffic to their partners' stores as possible," Samosseiko, who is head of Sophos's Canada virus lab, wrote in a report.
"The stores sell fake watches, fake anti-virus software, fake pills and fake love - the webmasters get their commission, making thousands of dollars per day."
The affiliates refer people to the networks' products by setting up scores of bogus web pages and commanding "botnet" armies of infected computers to send spam. They use black hat search engine optimisation techniques - and even monitor search term trends - to ensure their pages appear towards the top of search results.
Software tools such as John22, A-Poster, Xrumer, ZennoPoster and DarkMail automate much of this process, including generating seemingly legitimate websites based on content from Wikipedia articles.
The affiliates are paid a commission for every product they sell or for every computer they infect with malware, depending on the type of scheme.
The products include generic drugs produced without a licence, fake Viagra, pornography, pirated software, casinos, dating services and fake Rolex watches.
"Just as web 2.0 is about user-generated content, today's web and email spam (Spam 2.0?) is generated by a massive number of affiliates who direct traffic to a partner site to get their share of the revenue," Samosseiko wrote.
One of the oldest and biggest affiliate networks is known as GlavMed, which sells bogus pharmaceuticals under brands such as "Canadian Pharmacy".
Although GlavMed claims to have a strong anti-spam policy, searching its phone number reveals more than 120,000 online pharmacy sites selling generic drugs.
During his research, Samosseiko uncovered a log file showing purchases made for GlavMed products. GlavMed advertises on its website that it pays a 40 per cent commission fee to affiliates, while the log file showed the average purchase was worth $US200.
"This data revealed over 20 drug purchases per day per spam campaign, which can add up to $1600 paid in commission fees per day," Samosseiko wrote.
GlavMed is just a drop in the ocean of bogus pharma businesses which includes names such as Stimul-cash, Rx-partners, Rxcash.biz, Evapharmacy, Rx-Signup.com and DrugRevenue.
Among the most prevalent internet threats today is known as "scareware", which is malware that convinces users that their computer is infected with thousands of viruses, before offering to sell them fake anti-virus software to fix those so-called infections.
One scareware vendor, Topsale2.ru, says on its website that it only accepts traffic from the US, Canada and Australia and pays up to $US25 commission for each fake anti-virus software sale. It says the average member can make a $US4916 commission in 11 days.
"We can see how a successful webmaster can make over $US180,000 per year on this network alone from traffic averaging 10,000 visits per day," Samosseiko wrote.
"Assuming that most webmasters direct their traffic to more than one sponsor at a time, it is no surprise that affiliate marketing and black SEO are extremely appealing career paths for a computer savvy person in Eastern Europe."
A previous investigation by a US security researcher into fake anti-virus software found cyber criminals were earning up to $US150,000 a week selling copies of Antivirus XP 2008 and 2009 to naive internet users for $US49.95 a copy.
Sydney Morning Herald