Or does scumware grab the URL and process it after a visitor has clicked on it?

Yes that's what it usually does. Usually it is the keywords in the name of the url or on the page of the site they go to that triggers the scumware. So like if you send someone to Ebay.com with your affiliate code your affiliate cookie will drop just fine into the visitors browser (as long as they are accepting cookies). The problem is that once they are there the keywords that show they are on ebay's site by there url will cause the scumware to know that and to steal the credit they will pop up either a double window or an invisible pop up. A double window means they will just do a pop up of ebays site in another window on there screen even though they are already there. That way when the new window pops up it has there own affiliate code embedded in it and that overwrites your cookie that just dropped into there browser. Because Ebay, CJ and most of these affiliate programs give credit to the person with the last cookie. Anytime a surfer clicks on or gets a cookie forced on them it overwrites any older ones they might have had. Even if it is 2 seconds later. Doesn't matter. When they do invisible pop ups it does the same thing as the double pop up. Only the user does not see another screen pop up. They see nothing at all. It looks to them like nothing strange has just happened and just like they surfed to the merchants site from yours and that's it. But your cookie was still over-written by the invisible pop up the scumware launched once they got to the merchant site.

Sucks eh.

Yeah it really does suck...so my idea is basically a waste of time!

Are there any ways to combat this?

The only way I know of is to not promote merchants who affiliate themselves with scumware and allow it. You can do masked re-directs but that would only mask the URL of the merchants site. If the scumware is also reading the page html text then that might trigger there pop-ups as well.

Another thing that you can do is to run a spyware/scumware detection script on your site that has your affiliate links and if someone is infected they will get a warning about it with a link to a spyware removal software site that you can sign up to be an affiliate with. Just make sure that they are a good and honest one. Then at least you will get money for these people to remove there spyware infection once you alert them to the fact. And if they are not infected then they will just get your normal page and links to the other affiliate merchants.

That's a pretty good idea. Hadn't you mentioned that in a previous thread as I recall? Can you please sticky me some details on this script and the scumware removal program so that I may implement it on my website?

Interesting.. I'm going to look into these sort of things more.. My speciality is security, so this will be fun.

Scumware only works with affiliate programs who agree to pay them. The best way to avoid it is to avoid those merchants who do not openly disallow them. If you can't find their policy, ask them specifically.