The topic I want to cover today is not really a hacking/cracking in its purest form. Rather, it’s a form of online referrer hijacking, specifically related to the affiliate comission hijacking, and it mostly affects affiliate marketers.

There are a few big distinctions between hacking and affiliate commission hijacking.

Hacking involves compromising user computers, servers, websites or mobile devices. And in most cases hacking/cracking is illegal.

Affiliate hijacking, on another hand, is not illegal (as far as I know). Yes, it’s immoral. Unfortunately, we live in a world with rather low moral standards. Affiliate hijacking, involves intercepting and stripping off affiliate marketer’s affiliate id, inserting attacker’s own affiliate id, and placing his/her own cookie in a computer, in hope to get credited for the sale.

In reality, TOS of the majority of affiliate programs forbid buying through your own link. Affiliate programs are well aware of this practice, so if they see that the purchase is made from the same ip or using the same name/email address, or some other parameters raise the red flag, affiliate commission is annulled.

When affiliate id is stripped, affiliate marketer is not credited for the sale.

But it doesn’t bring any benefit to the person who hijack the affiliate id, because s/he still pays the full price for the product.

The only party who really wins in this scenario is a product vendor, since he gets to keep all 100% of the sale and don’t give anything to the affiliate.

So this kind of behavior is just childish and plain stupid. Not to mention useless.

Yet, to affiliate marketers, it costs tens of millions of dollars in lost commissions each and every year.

If you’re an affiliate marketer, today I’ll show you the tool that will stop the theft of your affiliate comissions:

Phantom Affiliate Protection

To be exact, it will stop around 90% of all the theft. If the person who steals your affiliate commission is familiar with redirects and frames, this little tool won’t stop him. But hey, not everybody is a programmer. In fact, a majority of people who currently strips your affiliate id, have no idea how to write even a simple script.

Let’s say you’re promoting a product X.

If you’re using your affiliate link like this:

http://productX.com?affid=XYZ,

it doesn’t take a genius to figure out that your affiliate id is XYZ.

On another hand, if you use something like this:

http://onlineworldsecurity.com/recommends/productX ,

it’s not that easy to find your affiliate id and steal your commission.

This tool not only protects your affiliate links, it also tracks your promotion campaigns, which is very important if you want to make any money online. Without tracking any marketing is doomed. You can even add scarcity message or signup form to your affiliate link. This way you’re promoting somebody else’s products and are  building your own list at the same time.

Grab your copy here: Affiliate Link Cloacker

Let me ask you a simple question. How many sites are you a member of, and how many different usernames and passwords do you have?

Average internet user has hundreds if not thousands of different logins. Since trying to remember all those passwords is impossible, such user just write them down in an ordinary notepad or word file, and save them on her/his computer as-is, without any protection whatsoever.

May be you’re one of such users. If so, you need to secure this information asap. Otherwise, if your computer is hacked, all your passwords will be readily available to a perpetrator.

Believe me, computer hacking occurs much more often than you think. You probably think it happens to somebody else, but it will never happen to you, right?

Well, let’s see… You’re reading this post, so you’re obviously connected to the Internet. Can you honestly tell me that you know the exact permissions and protocols required by each program installed on your computer? Are you sure that you know the number of processes required by each program, correlated PIDs and port numbers used by this program both for incoming and outgoing connections, as well as ip range?

Do you also know how to identify stealth connections? And, to begin with, how to verify the authenticity of the application/program that you want to install?

If you don’t know answer to all these questions, then you can’t be sure whether your comp is safe or it’s already been hacked and is operated by another man.

I don’t want to scare you. I’m just telling you the facts.

So, if you now keep all your passwords on your comp, I highly recommend you to go right now and purchase RoboForm.

Without going too much into technical details, this password-protection tools stores and encrypts your usernames and passwords for numerous sites, and when you need to login, you just enter one master password. It also fills long registration and checkout forms for you with one click.

And since RoboForm runs a Black Friday Special, right now you can get a discount off first license.

Combine this with the fact that RoboForm uses strong encryption, and can sync your passwords to Pocket Pc and Palm, and you’ll see why I think it became a viable option for password management.

During this year we’ve seen many phishing scams that were pretty simple. In essence, twitter users were asked to go to a certain url (usually to watch some funny video or download digital “gift”), and on that page they saw something similar to twitter login screen. So they assumed they have to login to “twitter” in order to watch this video.

Of course, this “twitter login page” was nothing more than just a page mirroring actual twitter login page, and its whole purpose was to gather the usernames/passwords provided by unsuspicious twitter users…
Then perpetrators used those accounts to twit the same url (and other malicious links containing trojans and viruses) to other twitters.

Watch this video to better understand the mechanics of this twitter phishing scheme:
Now hackers changed their tactics. Sure, “twitter mirror” is very “productive”, so it’s not going anywhere, hackers will continue to use it. But instead of sending twits from the compromised accounts, they now send direct messages.

If you think about it, it’s much more effective for hackers, and much more dangerous for average twitter users.

If twitter user will see a few messages posted on her/his account, s/he will quickly realize that account is compromised, and will change the password. Then the game is over.

With direct messages, on the other hand, it’s quite another story. How many people actually check their outgoing DMs within twitter account? Exactly. Only a few. People look at the incoming DMs, because that’s the messages from their friends. But they probably haven’t look at their outgoing DMs even once since they set up automatic welcome message.

So the chances of average twitter users to notice abnormal DM activity in their accounts are minimal…
If you’re reading this post, and you’re avid twitter user, please go and check your DMs right now. And if you see suspicious activity, change your twitter user/password asap.

Until recently, Google was used by hackers mainly as an excellent source of easy potential hacking targets. With over 8 billion pages indexed and only a small percentage of users knowledgeable about internet security, it was easy to find the websites that could be hacked virtually on a fly. Rather advanced system of Google search operators facilitated this task even further.

Another way to quickly identify the topics of interest and of increased popularity is of course by Keeping eye on Google trends (yet another invaluable tool for both hackers and SEO specialists).

While hackers were playing their games, Black Hat SEO guys were playing theirs, dominating many lucrative SERPs and cashing in on a free targeted traffic.

But to the best of my knowledge, they were not combining their forces, at least at large scale.

Well, now they do.

SEO specialists from Poland identified one of the factors which are currently heavily used by Google to define relevancy of the search results. I’m talking about the velocity. In lame terms velocity is nothing more than the “freshness” of the particular post and links. The more recent the post is, the bigger its weight. Sure, there are many other factors that are taken into consideration as well – such as the number of incoming links, domain age, etc. I’m talking about velocity here, because that’s what allowed seo pros to exploit Google algorithm and, along with artificially generated incoming links, get millions of pages ranked for the keywords of their choice.

This is impressive on its own, though disturbing. What’s even more disturbing, they combine their efforts with hackers, and all those pages were filled with specific type of malware.

Panda Security Labs identified a list of keywords that were compromised. To be more precise, the top SERPs for those keywords displayed absolutely irrelevant results linked to some domains in Warsawa:

http://www.webpronews.com/topnews/2009/04/14/seo-blackhatters-target-ford-via-google

On second thought, it doesn’t mean that hackers and SEO pros are from Poland. It only means that they control the server in Poland, and the domain from Poland.

You probably think this article will be about heroin, cocaine, marijuana, LSD or something similar, right?

Not even close, my friend. It will be about something you’re very well familiar with yet you never thought about it as a drug (though you really should).

Introducing: Virtual Drug

By the way, marijuana and LSD are not as dangerous as they sound. There are some legal substances that are more dangerous. According to the study published this year in “The Lancet”, alcohol and tobacco are much more dangerous than marijuana or LSD and are included in the list of the 10 most dangerous drugs in the world. As you know both alcohol and tobacco are legal, and marijuana is forbidden in most countries. Just a food for thought. You can clearly see from this example that if something is legal it doesn’t necessarily mean it’s harmless and vice verse.

Why did I decide to emphasize this fact? Because today we’ll be talking about something that is as legal as it gets yet at the same time it has high level of risk based on all the risk factors that are usually considered during the analysis of the risk level for potentially dangerous substances.

There are many risk factors that could be considered for such analysis, and the factors could vary. But here are the 3 major factors that are considered in one form or another in all such analysis.

· What is the level of physical harm the drug could potentially cause to the user?
· What is the level of addiction? (In other words, how easy and safe would it be to withdraw from further usage if the user would decide to stop?)
· What is the overall drug impact on society at large?

Soon you will find out what I consider the worst drug on the planet. But first let’s establish a few statements.

Statement 1. Most drugs could be useful in a small dosage.

In order to agree on this it’s enough to remember that many drugs are used as a pain-killers. And some have unique healing qualities that are hard to find in other medications. For example, according to several researches, THC can help to prevent cancer. Let’s not forget that it’s the main active ingredient of marijuana.

Statement 2. The over-dose can seriously harm the individual or cause the lethal outcome.

I don’t feel that for this statement we need to search for any proof – just look at thousands of people dying every year from drugs.

If you think about it, any substance or influence that has high impact on individuals based on those major risk factors and 2 statements mentioned above, should be considered a drug.

So why do we usually limit our comprehension of drugs to physical substances only?

For example, what about all those ads that you see on your TV each and every day that are brainwashing you? (Yes, I know, you can order TiVo or similar services and fast-forward all this trash, but it’s rather expensive and is not used by a large percentage of general public).

Now let’s look at another service that is used by the majority of people on the planet. I’m talking about Internet. Yes, the Internet, this information super-highway. Is it good or evil? It certainly has over-grown its initial purpose of providing the easy ways of worldwide communications a long time ago and now can be not only extremely useful but extremely dangerous as well.

Remember, many drugs can be useful in small dosage, but they are deadly in big portions. The same is true about the Internet.

Paradox, but its danger lies in its extreme usefulness and self-sufficiency. Internet resembles the snake biting its own tail. In a small dosage it’s very helpful – you can get virtually anything on the Internet – from information on any subject to any product.

However, the strongest side of the Internet is at the same time it’s weakest spot.
Since people can find whatever they want on the Internet nowadays, a rare person can restrict himself/herself from not using it for more than a few hours per day.

Let’s scrutinize the Internet through a prism of the 3 major risk factors we listed earlier.

  1) Physical harm or influence on a health of the individual.

There is a whole range of direct and indirect health problems that can be caused by the Internet. Direct health problems derivate from the fact that Internet is most frequently accessed through computers. And sitting in front of the computer screen for long hours without often breaks will lead to diminishing eyesight, headaches, neck and shoulder pain.
But at least direct physical problems are not lethal. Now let’s look at indirect ones. On the Internet, you can get both legal and illegal products with almost the same ease.

Hacking manuals? Drugs? Illegal weapons? Money laundry? Pornography? People can get anything, and it’s much more difficult for authorities to track the source of delivery than if the trade would take place in a physical world.

And people get a sense of pseudo-safety since they do not physically participate in the trades, and they don’t see criminals with guns and all other usual attributes of such “meetings”. In reality if they are buying/selling “stuff” from their homes it doesn’t mean they can’t get in trouble or seriously hurt/killed participating in such “deals”.

There are numerous other ways that Internet can be used to trick people into different scams (through phishing, spamming, etc). And people can be seriously hurt.

Not to mentioning online predators who use popular social networking sites and chats to find new victims. Of course there are filters that could be used to limit children exposure to sites with sexual content and to potentially dangerous chats and forums. But they are not 100% effective – child can simply go to the computer without filter.

Sure, you can say that these examples have nothing to do with the Internet, all those crimes could happen in the offline world too. And my answer to you would be: Internet made all those things much easier, more accessible, lightening fast and available worldwide. At the same time it provides the false sense of pseudo-safety. All things combined, it increased crime ten-fold.

I hope now you can see that based on the “physical harm” risk factor this virtual drug deserves to be placed on the highest position.

  2) Now let’s look at another risk factor – addiction.

How many times per day do you check your email? How many hours per day do you spend online? Come on, be honest. And if you would be unable to check news or chats, see your favorite sites or check emails every day would you feel uncomfortable? Wouldn’t you try to find wireless access asap to login your laptop? Even when you’re on vacation? I rest my case. For many people it’s almost impossible today to live without the Internet.

Which brings us to the last risk factor:

  3) Drug impact on society at large.

None of the currently existing physical substances has even remote impact on society as Internet does.

And I am not talking here about the positive influence of the Internet, far from it. Millions of people around the globe have buried themselves in the virtual world trying to avoid a harsh reality of the physical one.

Millions and millions have been scammed out of their last pennies through different MLM schemes, Forex/stocks super-returns schemes, spending tens of thousands of dollars buying “how to become filthy rich in 1day” type of “manuals”, etc.

Countless millions of Internet users spend all their “free” time and sleepless nights online trying to build their online businesses. While there is nothing wrong with this approach, it doesn’t hurt to remember that only 5% of such businesses succeed and you need a substantial set of skills to become successful online or a budget to hire people with those skills. And the rest 95% lose all their money, hope and in many cases – their families too. Not many spouses are willing to put up with their better halves spending all the time on the computers…

Here you have it – brief introduction to the Virtual Drug – the most dangerous drug of the 21st century….