Selling botnets for particular attacks, black markets for stolen identities, and malware construction kits are all now par for the course for the increasingly commercial malware industry. Discovering that malware authors have actually turned to End-User License Agreements (EULAs) in an attempt to protect their own intellectual property, however, most definitely qualifies as something new, different, and beautifully ironic.
Symantec security researcher Liam O'Murchu has details on this latest development. The help section of the latest version of the Zeus malware states that the client has no right to distribute Zeus for any business or commercial purpose not connected to the initial sale, cannot examine the source code of the product, has no right to use the product to control other botnets, and cannot send the product to anti-virus companies. The client does agree to “give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.” Modern license agreements take a great deal of (deserved) fire for being absurdly draconian, but even the likes of Adobe and Microsoft don’t claim that purchasing a version of their respective products locks the user into buying future editions.
It’s obviously difficult for the manufacturers of an illegal product to threaten legal sanctions against an infringer, but the Zeus authors give it their best shot. According to the EULA, “In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies.” Frankly, “We’ll blow your kneecaps off and feed them to you,” might be a bit more effective as a threat, but I suppose it’s a bit hard to carry out that threat over the Internet.