I figured an end user licence agreement (EULA) was bound to appear in the malware market as the tools were moving towards financial profit goals. Years ago, I had joked that someday a malware author would be in court for two cases involving his code: one as a defendant in a computer offence case and the other as a plaintiff in a copyright case against somebody violating the code's licence agreement.

The dual court cases haven't yet happened, but the Symantec Security Response Weblog has reported a EULA found in the help files for the "Zeus" malware package.

A screenshot of the Russian language EULA from the Symantec Weblog.

EULA screenshot

Symantec translates the Client agreement as saying pretty much what most EULAs state minus the "bot" references:

  1. Does not have the right to distribute the product in any business or commercial purposes not connected with this sale.
  2. May not disassemble / study the binary code of the bot builder.
  3. Has no right to use the control panel as a means to control other bot nets or use it for any other purpose.
  4. Does not have the right to deliberately send any portion of the product to anti-virus companies and other such institutions.
  5. Commits to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.

Interestingly, while item 4 prohibits the user from sending the product's code to anti-virus firms, the section afterwards, the one in the red box in the screenshot, states: "In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies." This is perhaps the first malware tool to use AV firms as de facto enforcers of the EULA.

By the way, this might not be the first malware EULA. Some people have pointed out that Sony's digital rights management XCP rootkit had a EULA. <wink>

The Zeus EULA matter is also being reported by various tech news sites, including OUT-LAW, Slashdot, and Ars Technica.

At non-open source software funerals, do they give a EULAgy? <groan>.
J.D. Abolins
