I figured an end user licence agreement (EULA) was bound to appear in the malware market as the tools were moving towards financial profit goals. Years ago, I had joked that someday a malware author would be in court for two cases involving his code: one as a defendant in a computer offence case and the other as a plaintiff in a copyright case against somebody violating the code's licence agreement.

The dual court cases haven't yet happened, but the Symantec Security Response Weblog has reported a EULA found in the help files for the "Zeus" malware package.

A screenshot of the Russian language EULA from the Symantec Weblog.

Symantec translates the Client agreement as saying pretty much what most EULAs state minus the "bot" references:

  1. Does not have the right to distribute the product in any business or commercial purposes not connected with this sale.
  2. May not disassemble / study the binary code of the bot builder.
  3. Has no right to use the control panel as a means to control other bot nets or use it for any other purpose.
  4. Does not have the right to deliberately send any portion of the product to anti-virus companies and other such institutions.
  5. Commits to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.

Interestingly, while item 4 prohibits the user from sending the product's code to anti-virus firms, the section afterwards, the one in the red box in the screen shot, states: "In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies." This is perhaps the first malware tool to use AV firms as de facto enforcers of the EULA.

By the way, this might not be the first malware EULA. Some people have pointed out that Sony's digital rights management XCP rootkit had a EULA. <wink>

The Zeus EULA matter is also being reported by various tech news sites, including OUT-LAW, Slashdot, and Ars Technica.

At non-open source software funerals, do they give a EULAgy? <groan>.
J.D. Abolins


Today's Politech had an announcement of a draft background paper published by the International Telecommunication Union (ITU). The ITU has been working on a botnet mitigation toolkit. The link to the PDF of the draft background paper, a call for comments, and other information about the project can be found in the Politech posting.

J.D. Abolins

Jonathan D. Abolins