BrandVerity
 

Sophisticated URL hijackers seem to have settled on a set of tactics designed to minimize the discoverability of their affiliate ID. They’ve learned that their ads are discoverable and have been investing in steps to prevent detection of their affiliate ID. While we have seen a wide range of skills, the use of [...]

I had a fun video chat with Jamie Birch of JEB Commerce a few weeks back. We touch on a number of the challenges facing affiliate managers and discuss the details associated with the CSS History Hack and referrer laundering.
You can see the full video on the JEB Commerce blog.

Recently we’ve seen affiliates exploit a hole common to web browsers to evade detection by affiliate managers. The hack is known as the CSS History Hack, and it exposes information about which sites you have visited before. Affiliates use this technique to determine if a web visitor is an affiliate manager (or network representative), and [...]

We recently discovered a Cross Site Request Forgery (CSRF) vulnerability in Bit.ly that is being used by affiliates to insert affiliate links into bit.ly accounts.
A quick primer on CSRF attacks (from Wikipedia):

The attack works by including a link or script in a page that accesses a site to which the user is known (or is [...]

Reverse IP geo-targeting is one of the most commonly used techniques by trademark-infringing affiliates. They hide themselves from occasional monitoring by showing their ads to every geography except the geography where they believe the brand-holder is monitoring from.
For example, Gap’s corporate headquarters is located in San Francisco. A Gap affiliate could target their ads [...]

Referrer Laundering

Referrer Laundering is a technique frequently used by ill-intentioned websites to redirect traffic on to a second party, while masking the actual origin of the traffic. We see it frequently in affiliate search engine advertising – the user experience typically looks like this:

User searches for “SampleStore”
User clicks search ad for SampleStore.com
The user is taken [...]