Secureworks researcher Kevin Stevens has written a must-read article on the Pay-Per-install business model (PPI) that is used primarily to spread spyware and malware. The article discusses the way the affiliate system works, with layers of files and software programs that power the installation of malware on hijacked Windows computers. Stevens provides considerable details on the methods and tools used by cyber-criminals, the seedboxes and crypters that are used to get around anti-malware detection and the clever black hat SEO techniques used in social engineering attacks.
Source: https://threatpost.com/inside-pay-install-malware-economy-100909/72202/