Malware and Adware

Web-based cookie-stuffing is not the only way that rogue affiliates create fraudulent clicks. Unethical affiliates have been using malware and adware to drive traffic, steal from merchants and other affiliates, and participate in “cookie-stuffing” for many years. This section will explain how malware and adware work and examine the way they contribute to false clicks and other violations of affiliate Terms of Service agreements.

What is Malware/Adware?

Malware and adware include programs such as spyware, pop-ups, and pop-unders. Oftentimes these programs are installed on users’ computers without their full knowledge or express permission.

Malware and adware work in various ways to drive traffic to an affiliate, often to the detriment of the merchant and other honest affiliates. This software tracks users, granting the affiliate detailed information about a user’s online activity so that the user can be targeted more directly. Using information gained about the user’s searching and purchasing, this software can launch various ads or browser windows that cookie-stuff and steal from the merchant and other affiliates.

Pop-Ups, Pop-Unders and Hidden Windows

Pop-up ads are generally designed to recognize when a user is navigating to a site and then show an ad for a competitor. Often these ads cover large portions of the user’s screen and the hope, on the part of the advertiser, is that the user will choose to buy from the competitor instead of the site to which they originally navigated.

Abusive affiliates, however, may use pop-up advertising to drive affiliate income. Instead of opening up an ad for a competitor, the adware opens up a window for the site the user was already on; only this time, it is opened through an affiliate link. For example, if a user navigated to, the pop-up would show again but this time loading an affiliate cookie in the user’s browser. This sort of abuse can appear at any point while a user is browsing a website, but is frequently targeted at URLs used in the purchase process. Again, the merchant ends up paying a commission for a customer who had already arrived at their site without any help from an affiliate.

These pop-ups might be very visible or nearly invisible. By opening a window off-screen or so small as to be nearly invisible, abusers can perform much the same trick as explained above. Instead of showing a duplicate window, one is opened in the background, which activates an affiliate link and makes it seem to the merchant that the affiliate drove the sale.

  • Transactions with missing HTTP Referer headers
  • Unusual conversion rates (high or low)
  • Affiliates sending traffic in the middle of a user session
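
The three indicators listed above can be checked against a merchant's own click and order logs. The following Python sketch is an added example, not material from the original book: the event layout, the affiliate names, the sample events and the thresholds (a conversion-rate band of 0.5% to 50%, and more than half of clicks lacking a Referer) are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real data):
# (session id, seconds into session, kind, affiliate id, Referer header)
EVENTS = [
    ("s1", 0,  "click",    "aff-A", "https://reviews.example/widgets"),
    ("s1", 5,  "pageview", None,    "https://reviews.example/widgets"),
    ("s1", 90, "order",    "aff-A", "https://shop.example/checkout"),
    ("s2", 0,  "pageview", None,    "https://search.example/?q=widgets"),
    ("s2", 40, "pageview", None,    "https://shop.example/cart"),
    ("s2", 41, "click",    "aff-B", ""),  # affiliate link fires mid-session, no Referer
    ("s2", 60, "order",    "aff-B", "https://shop.example/checkout"),
    ("s3", 0,  "pageview", None,    ""),
    ("s3", 30, "click",    "aff-B", ""),
    ("s3", 55, "order",    "aff-B", "https://shop.example/checkout"),
    ("s4", 0,  "click",    "aff-A", "https://reviews.example/gadgets"),
    ("s5", 0,  "click",    "aff-A", "https://reviews.example/widgets"),
    ("s6", 0,  "click",    "aff-A", "https://blog.example/deals"),
]

def score_affiliates(events, cr_band=(0.005, 0.5)):
    """Return {affiliate: counters plus a sorted list of raised flags}."""
    stats = defaultdict(lambda: {"clicks": 0, "orders": 0,
                                 "no_referer": 0, "mid_session": 0})
    seen_on_site = set()  # sessions that already viewed merchant pages
    for session, _ts, kind, aff, referer in sorted(events, key=lambda e: (e[0], e[1])):
        if kind == "pageview":
            seen_on_site.add(session)
        elif kind == "click":
            s = stats[aff]
            s["clicks"] += 1
            s["no_referer"] += not referer            # empty or absent header
            s["mid_session"] += session in seen_on_site  # user was already on site
        elif kind == "order" and aff:
            stats[aff]["orders"] += 1
    for s in stats.values():
        rate = s["orders"] / s["clicks"] if s["clicks"] else 0.0
        checks = {
            "missing_referer": s["no_referer"] / max(s["clicks"], 1) > 0.5,
            "mid_session_click": s["mid_session"] > 0,
            "conversion_outlier": not cr_band[0] <= rate <= cr_band[1],
        }
        s["flags"] = sorted(name for name, hit in checks.items() if hit)
    return dict(stats)

if __name__ == "__main__":
    for aff, s in score_affiliates(EVENTS).items():
        print(aff, s)
```

A raised flag is a reason to review the affiliate, not proof of abuse: privacy tools and some browsers also strip the Referer header, and legitimate coupon traffic can arrive mid-session.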

Countering Malware and Adware

Uncovering clear evidence of malware and adware can be quite challenging and takes a healthy degree of technical sophistication. The best approach for most organizations is to work with a consultant who operates their own malware lab. Another technique to counter malware is to maintain a high standard for affiliates you approve into your program.

Cookie Fraud Consultants

  • Various consultants will also perform these services for a fee. Ben Edelman has built a sophisticated lab that monitors a wide range of malware programs for abuse by affiliates. Kellie Stevens also provides a service that highlights affiliates found running malware. More information about both consultants and their services can be found in the Resources section at the end of this book.