Firstly... where can i find affiliate programs.. ?
This is just a list of five different forums, but there is really alot of others forums, google will help you ;)
When i started on this, i've hacked some botnets panels (SpyEye mainly) for do my screenshots.
I've saved the SpyEye pages (in case of server shutdown)
Saving botnet pages is a good idea because you can fake the number of online bots/date with your favorite text editor and do integration easily.
Now, if you have no knowledge on hacking you can alway lurk on russian forum like antichat.ru
and look for other peoples who leave screenshots of statistics, you can retake these screenshots and use/photoshop them.
If you want some examples of screenshots found
(Yamba FakeAV affiliate)
(Ready to Ride)
A good way to get inside is to speak Russian, they will more suspect European guys than Russian.
Also don't talk only about the program, talk about life and weather, try to be appreciated by your interlocutor.
Before the first contact on ICQ/JID, do some research if you can, what they likes, server infos if you know already the affiliate url... every detail is important.
It's probably a hard part because they are here for business, not for talk on forums.
If they use ICQ you can know if they are online or not via the ICQ site, just modify the number in url:
You can also use WebICQ if you don't want install ICQ:
A good idea is also to build fake profile on russian forum, (post some messages/threads should be enought)
Now, when you have screenshots, profils, a proxy and enought infos, you can launch the conversation.
Example here, with Mark of RX-Partners (pharma affiliate) I've volunary used a picture of Anna Varney as avatar.
Choose the good words also, for a pharma affiliate you can says that you do traffics with doorways and use a TDS it's appreciated.
After if they accept spam you can says that your mailling is ready etc...
For a FakeAV affiliate, they like USA/CA/UK installs, if they ask you your method, told them by exploit kits, but be careful they can ask you a stats link or screenshots, so prepare all your faked material before.
It's just a story of organisation.
Example of infiltration with BestAV (FakeAV affiliate)
We are the Friday 8 mays and the Euro 2012 was just launched, Russia is currently playing against Czech Republic, i've waited the end of match to launch the conversation. (Russia have won 4 - 1, another good factor, he should be happy of this)
If you decide to pose as bad guys in russian langage, use also russian service, like here for hosting screenshots i've choosen radikal.ru
For those who don't understand the conversation
He asked me screenshots of affiliate and some profile of me on russian forums, i maked him wait because friends are here due to soccer.
During this time i searched a way to solve the screenshots issue, finally i've changed my plans about BTC and gived him a fake R2R payement screenshot instead.
Finally everything was fine as alway and he accepted to register me.
So, here is some fresh screenshots of inside the BestAV affiliate, main:
Russian language tactic is good, that not the first time i do that
Хендехох Affiliate (Ransomware) , Money racing AV (FakeAV) , BTC (FakeAV) etc...
And some affiliate want only russian people, that a problem for alot of European who try to get inside russian cybercrime.
I'm not a native russian speaker i take lessons on internet for the moment, a good way is to have a friend who speak Russian and can translate your English to Russian.
Don't use online translator service like Google Translate, they will understand immediately that you are not russian.
And even you, there is some word that Google Translate fail to translate
Here is some catchphrases in order to help you:
And after when you have access to the affiliate you can save the pages and edit statistics for pose in another affiliate...
In order to help you, like for affiliate urls here is a package of five different programs, this should be enought for start ;)
Ok... i'm inside, what's do ?
Do what's you want, take pics and make a blog :)
If it's malware related send the credentials to antivirus companies (that what i've do for BestAV, even shared it to a USA university)
OmGz i got discovered !
Learn from your mistakes and try again later.
Affiliate is closed !
When all else fails... take your crowbar.
Try to log with basics user/pw:
Example with BestAV:
Let's have a look with the IP...
we try test:test and... cool a ghost PPC affiliate.
Otherwise you can try by brute force
Bruteforce/guessing of filenames/folders
Metasploit dir_scanner/brute_dirs modules:
Here for example, on a affiliate i've found these TaskFreak! access by bruteforcing directories.
But take care anyway, they can trick you with "anti-scan" script like this:
If you know it's not custom coding, example for Mailien (pharma who allow spam)
They use Post Affiliate Pro http://www.qualityunit.com/postaffiliatepro/
Just need to get the script and search inside for vulnerabilities or even try to look for the version of the script if they use a nulled version.
This is what's happened to the private AV checker "myavscan.net"
They suffered of a SQL vulnerability in the CMS and now you can find the source code available for sale on Russian forum.
After there is alot of others technics but you know.. a magician never reveals his secrets... and seriously this should be enough for you :)
Ah, and the network really need more independents guys who do malware research for fun, check these blogs they are cools:
rkhunter blog, The MalwareLab Blog, Malwares don't need Coffee, Tracking Cyber Crime, cyb3rsleuth
(listed without preference order)
Edit 19 Jun:
Also, alot of guys ask me how i do my visual map