2008-05-01
Abstract
Malware package distributed with EULA.
Copyright © 2008 Virus Bulletin
Concerned about the trustworthiness of their customers, creators of malicious software have started taking the precaution of including licence agreements in the packages they distribute in the underground.
According to researchers at Symantec, a EULA contained in the Infostealer.Banker.C or ‘Zeus’ malware package specifies that the purchaser of the malware may not distribute the product for any business or commercial purposes, may not disassemble or study the binary code of the bot builder, may not use the control panel as a means to control other botnets, must not send any portion of the product deliberately to anti-virus companies, and must agree to pay for any update to the product other than the fixing of programming errors.
In an attempt to make sure users abide by these rules, a warning note is added which advises the user that, should they violate the terms of the agreement and be found out, then not only will they lose any technical support for the product, but the binary code of their bot will immediately be sent to anti-virus companies.
The fact that the package was being traded freely in underground forums shortly after it was released suggests that it is as hard to enforce the terms of a licence agreement for malware as it is for legitimate software – or maybe that the user of a malicious software package is as unlikely to read a EULA as users of legitimate software.
