"Cybercrooks profit from the malware by tapping into affiliate ad network programmes."
Affiliate ad network programs, of course, also benefit handsomely.
But despite this, and despite the fact that without the affiliate ad networks, these particular cybercrooks' business model would be kaput, nobody in the IT press ever calls out said affiliate networks for happily laundering money through their ads, straight into the pockets of the VXers.
Way, way back when, when the 'CoolWebSearch' hijack was going all over the place, I did a rather excruciatingly detailed chunk of research into where the money went. The hijack reset your browser's startup page to a haphazard 'search' site slathered with banner ads. The site, of course, was hosted on some bulletproof server out of China or Russia, but all of the banner ads were 'legit' stuff - and clicks shot right back through to big ad companies like Overture and Doubleclick. I tracked all of it down, complete with IP addresses, ISP info, etc, and called the major players who were involved. The ones who bothered to respond essentially said they didn't give a hot god damn where the traffic came from, that they had policies for their affiliates and it was the affiliates' job to make sure they were playing by the book.
Convenient. They have a policy; their hands are tied; can't blame them!
I was discussing all of this with a reasonably well-known tech journo at the time, and when I put the story together he pitched it to his editor. The editor was apparently impressed, as was the journo; unfortunately, someone from a bit further up the totem pole decided that it shouldn't run.
The site, of course, was ad-supported...