The dual court cases hasn't yet happen but Symantec Security Response Weblog has reported a EULA found in the help files for "Zeus" malware package.
A screenshot of the Russian language EULA from the Symantec Weblog.
Symantec translates the Client agreement as saying pretty much what most EULAs state minus the "bot" references:
- Does not have the right to distribute the product in any business or commercial purposes not connected with this sale.
- May not disassemble / study the binary code of the bot builder.
- Has no right to use the control panel as a means to control other bot nets or use it for any other purpose.
- Does not have the right to deliberately send any portion of the product to anti-virus companies and other such institutions.
- Commits to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.
By the way, this might not be the first malware EULA. Some people have pointed out that Sony's digital rights management XCP rootkit had a EULA. <wink>
The Zeus EULA matter is also being reported by various tech news sites, including OUT-LAW, Slashdot, and Ars Technica.
At non-open source software funerals, do they give a EULAgy? <groan>.