The market appears to have made some progress in fighting cybercrime, spam and all the other security threats, but how much progress have we really made? In the spam area for example, attempts have been made to take down several bot networks which had limited success. However, once Spamit, a well known affiliate program used by spammers decided to close its doors, spam levels plummeted overnight. The lingering question is: are we targeting the right sources of the problem? Should we, instead, be trying to identify the money trail in cybercrime and would disrupting the trail help reduce the explosion of cybercrime levels? Affiliate programs are run by legitimate businesses and ones not so legitimate. This session looks at the different types of affiliate programs such as pay-per-install and spam referral programs, the players involved in the cybercrime community and how we know who is legitimate and who is not.