The glamour life of spammers

Why on Earth is there so much spam?

That question has flummoxed most people with an inbox. Many wonder who keeps spammers in business by actually buying the sexual performance enhancing drugs on offer, or investing in the dubious business propositions advertised.

The answer, it seems, is plenty of people.

According to research by Dmitry Samosseiko, who heads security vendor Sophos’s Canadian virus laboratory, sending out spam emails is so potentially lucrative that an Eastern European spammer can earn up to $4,000 a day in commission from a single campaign.

Samosseiko’s in-depth study of spammers’ business models found that most subscribe to Russian-run affiliate programs called “partnerka”. “All partnerkas are in strong competition with each other,” he writes. “Allegiance is earned through more generous commission rates, shorter ‘hold’ periods, support for a wider range of payment methods (ePass, WebMoney, Fethard Finance, wire transfers), higher quality promotional material, better support, etc.”

“Many partnerkas organize expensive parties for their members, send generous gifts for holidays, run lotteries where a top producer wins a luxury car, and the list goes on. In some cases, the war between different partnerkas turns ugly, where one portal may get [attacked via denial-of-service] by a competing gang.”

One of the oldest and largest partnerkas, GlavMed (also known as the ‘Canadian Pharmacy’ brand), offers spammers a 40% commission on products sold, Samosseiko reveals.

Sales, visits and commission statistics appear in real-time on the spammer’s admin area of the partnerka’s portal. One log file obtained by Samosseiko revealed that every spam campaign generated an average of 200 purchases a day, each worth around $200: a haul of $16,000 for the spammer.

More worryingly, similar commission-based networks known as ‘codec-partnerkas’ operate among malware distributors, named after “the commonly used social engineering technique that fools people into installing a video codec or a Flash player update to watch video content. The commission paid to affiliates is usually based on the number of ‘loads’ (installations) achieved.” In one instance, the commission paid for every infected Mac was $0.43.

And if you thought no one would fall for sites advertising ‘scareware’ fake anti-virus products, you’re wrong: for every 1000 users infected by a particular fake AV product, 10 end up paying for it. Samosseiko estimates that a successful ‘webmaster’ on scareware platform “can make over $180,000 per year on this network alone from traffic averaging 10K visits per day. Assuming that most webmasters direct their traffic to more than one sponsor at a time, it is no surprise that affiliate marketing and black SEO are extremely appealing career paths for a computer savvy person in Eastern Europe.”

In short, he says, “crossing the ethical boundary pays well.”
