Slashdot Mirror
EULAs For Malware
I Don't Believe in Imaginary Property writes "The authors of the Zeus malware have added an end-user license agreement to their product. The buyer is, of course, permitted to infect as many computers with Zeus as they please, but they have no right to distribute it for 'any business or commercial purpose not connected with this sale,' and they can't examine the source, use it to control non-Zeus botnets, or send it to anti-virus companies. Oh, and they commit to paying for future upgrades, too — wouldn't Microsoft love to be able to add that term to their EULA. While it seems silly to imagine Zeus's authors going to the authorities for violations of this EULA, if they're anything like the Russian Business Network, they probably have an extra-judicial means of contract enforcement named Ivan. That said, this is by no means the first
EULA-encrusted malware."
they probably have an extra-judicial means of contract enforcement named Ivan.
His name is Bubba, actually.
The higher the technology, the sharper that two-edged sword.
astala - vista - baby
My guess is that the original Malware was written by some nerd who wanted to make a few bucks, but the operation was taken over by a bigger boss who saw more of the picture - and the EULA is trying ti bolster the apparent legitimacy of what they are doing - or in some way provide the weakest of weak arguments to try to sue someone later who does a better job of what they are trying to do now.
While I want to stab em with a sharp stick like the next guy, got to say that they are covering all their bases nicely.
Moved to http://soylentnews.org/. You are invited to join us too!
I wonder if these guys will start trying to press DMCA lawsuits for people in the US who remove their software next.
Call me cynical, but I can see some judge hearing some well dressed attornies representing the Zeus guys saying that the user deliberately made the decision to dosable a protection mechanism against an "agreed upon" contract (and pointing out that what the software does is irrelevant), and said judge not knowing any better convicts.
I, for one, welcome our EULA-encrusted malware BSA overlords!
I can't imagine anyone enforcing an agreement contract (in this case EULA) that is installed without the user actually consenting it to be installed?
I mean, if you knowingly install something that snoops on your system and agree to the EULA you need to be kicked in the proverbials, but if something sneaks onto your system without you knowing about it what chance does any user agreement have?
Personally, I would like to see someone take Zeus to court about intrusion of their system. Wonder what the outcome would be.
Moved to http://soylentnews.org/. You are invited to join us too!
This is what happens. You keep fighting the man, fighting the man. The next thing you know, you've been absorbed into the system and now your invested in it, trying to make a buck and cover your ass like all us Joes.
"Taboo, like anything else, goes in and out of style."
Sleeping with the fishes.
Check out Unsealed: Whispers of Wisdom! http://unsealed.k3rnel.net It's an action-RPG about Open Sourcerers.
At least if they try to sue through the court system, they will have to reveal their own identity and then you can send your own Uber-Ivan to sort them out.
If I'm not happy with this software, can I return it to the point of purchase for a refund?
After all, every EULA I've read has a refund-if-not-accept clause in it.
proud caffeine whore
Great, now I have to find Nemo?
But... but... wait a damn minute. When I bought my last pc it had windows installed without my consent.
Sure, sure, I realize there is a bit of difference here, but it sounds like they are taking the same business track as MS did in the 90s... well, more or less.
Foist it on them, sue anyone who disagrees. Buy the dissenters that you can, consolidate, conglomerate, soon you'll be the largest malware pimp in the world!
Support NYCountryLawyer RIAA vs People
What would have precedence in a case pitting EULA-enforced DMCA and anti-cybercrime laws? Let's say a commercial AV outfit vs. the DMCA which would say that reverse-engineering the product was violating their copyright.
GP is answered by In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies. which covers the people the sell the botnet too, while i think that the article has a point when it says: Data thieves and malware authors aren't going to win any "Most Likely to Respect Intellectual Property" competitions Assuming that Zeus offers bespoke spyware for companies, or at least different enough that anti-virus companies cant detect them all from one sample (this is where its tricky because once the AV company has one sample they'll be able to figure out the rest), it is quite a good threat:
if your big enough to pay for mallware
your going to be big enough to do something with your network
your not going to risk loosing your network
Infact this seams like a bigger threat than most EULA, your hitting them hard, unfortunately I think its just as flawed as a normal EULA, its simply impossible to enforce ( i mean vista not on virtualisation, mac on apple only hardware, it just dosent work)
Perhaps Zeus would be better off by making its money through some shady anti-zeus company that offers 100% protection from zeus.
IranAir Flight 655 never forget!
If, as suggested in this article's hypothetical situation, Microsoft were to write a EULA for malware, it would be pretty ridiculous. Oh, wait...
McCain/Palin '08. Now THAT's hope and change!
Every time I have opened up a computer and started it up, I have been forced to click "Yes, I accept these license terms" when starting Windows the first time.
In fact, I believe that, since there is a phrase to the extent of, "If you don't accept this license, you may return it to the seller for a refund," you actually can get rid of MS junk (see this happy story)! Though, the follow up suggests that it is hard, if not impossible, to do this.
"this is by no means the first EULA-encrusted malware."
Windows?
This is f'ing weird!
The most interesting thing about this however was not mentioned in the article, sadly - the EULA states that when you violate it, the code will be handed over to various antivirus companies, effectively rendering the code almost useless.
A good education is a bit like a STD - it makes you unsuitable for a lot of jobs and gives you a desire to spread it.
If they want to enforce their licensing, they can't be anonymous. I think I see a major opportunity for the Russian military to show their might and perform a few practice attack missions.
So is there an "I don't agree" button or cancel or something if you don't like the EULA? If so, wtf, kinda weak malware lol. If not, it's not a real EULA and won't stand up in court...not that it would anyway lol.
Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
Norton AV has always had a EULA. The Zeus EULA is nothing new...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA
By looking at my ID, you hereby agree to mod me insightful from now on. click above to proceed.
_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA
In most jurisdiction if one burglar breaks into another burglar's home he
goes to jail. But... if somebody is sold a very poor quality of cocaine in a
drug deal they can't sue to get their money back.
Most jurisdictions will prosecute the crime but will not afford the protections
of civil law. So in turn somebody might get prosecuted for violating criminal
statutes, but they can't ever hope to successfully sue for lost profits.
Sony already spiced some of their CDs with DMCA protected rootkits.
Patents Drive Free Software as Hurricanes Drive Construction Industry
How does one pronounce it? "Yoo-lah", or "Oi-lah"?
Does the bot binary come with a EULA too?
"By clicking on this email attachment, you agree to become a member of the Storm botnet indefinitely, and agree to never remove this bot. You further agree to remove all virus protection and open all ports on your computer.
Oh, and you have agreed to get a better internet connection. Seriously, how am I supposed to spam people over dial-up?
[Agree] [Own me] [Bend over]"
1) Allow all emails from our companies to reach your inbox, and you must read them
2) You in fact must forward these emails, or let our malware forward them for you
3)You must pay to have your genitalia enlarged with OUR products only, and you must continue paying for these products until you have the advertised girth and lenth
4) You will not delete our messages, in fact you will archive and catalogue them in an order pleasing to you
5) By opting into our volume club membership, we cut out the unwanted ads, and double the number of targeted ones BENEFITING YOU!
6) You must opt into our humour newsletter, which pairs funny pictures of kittens with ads about how to make your junk/breasts/both bigger!
and so on
Malware creators already have "preferred partners" in the AV industry (i.e., those to whom they are paying cash bribes in order not to have their products detected by that particular brand of AV software) -- don't make the mistake of thinking the anti-malware industry is any less corrupt than the malware industry.
..... I'm just glad my OS of choice is immune by design to the most common forms of malware and I'm smart enough not to fall victim to the rest.
Now, their preferred partners will be offered money to detect certain malware.
It's all going to turn ugly. Very ugly
Je fume. Tu fumes. Nous fûmes!
In some countries in Europe there is a quite firm push towards "federal trojans" being installed in suspects computers. I wouldn't deem it impossible that removing them could be considered a crime by itself...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Does it come up with a "I Agree" "I Disagree" buttons like all other programs now ? if so it would effect its spread rate since people would be able to disagree and therefore it should not install, or if you don't get the option to disagree or read it then it would cause problems when enforcing it legally.
This very well may be trolling but there is always the possibility that you're not aware of your mistake so can not compensate for it in the future so I think it's worth mentioning.
if your big enough to pay for malware
your going to be big enough to do something with your network
your not going to risk loosing your network
In all three of these instances the proper word(s) is "you're" or "you are" not "your". Your argument was well articulated but when you make simple grammar mistakes, it takes away from it and can bring the focus not on your response but your mistake.
"By opening this bag of marijuana, you agree that you will..."
What's next, warrantees on IEDs?
Like the late Walt Kelly's Pogo said, "common sense ain't so common no more".
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
Or that princess chick from the Little Mermaid.
"There is a way that seems right to a man, but its end is the way of death." Proverbs 16:25 (NKJV)
Malware would be subject to counter-claims that the purpose of the software was not clear. How do you make hidden details reasonably accessible? Surely, on testing a license breach in legal proceedings, there has to be a demonstration that the user knowingly breached the agreement, and reasonable steps were taken by the licensors to communicate their requirements?
It's pretty well known that botnet creators are selling their net (and perhaps the bots) to paying clients that want to set up a botnet for nefarious purposes.
The line "In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies." makes me think this EULA is targeted at those customers, not the zombie victims. The second sentence basically says to me:
"We have customized your bot so it is not currently detected by antivirus software. If you violate our EULA, a sample of your customized bot will get sent to antivirus companies so that your bot becomes detectable and far less useful for setting up your spam network."
retrorocket.o not found, launch anyway?
Authors of viruses, malware, whatever you want to call it, should be shot.
Well both legal companies and the russian malware mafia work on pretty much the same basis. If you break any other EULA, you get a letter. If you break the their EULA, you get a package.
George Will, among others, points out the failure in the "War on Drugs" is evidenced by the falling price, and increasing quality, of cocaine and other drugs, both showing an increase in competition for the consumer's dollar.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
"I'm Sorry sir, but you're HIV has turned into full blown aids.."
*Doctor hands man a bill*
*What is this..?"
"That would be the charge for the upgrade."
"I'm paying for having AIDS???"
"Yes, obviously you didn't read the EULA for HIV when you got it."
-Spida
> Perhaps Zeus would be better off by making its
> money through some shady anti-zeus company that
> offers 100% protection from zeus.
You are making the assumption that they don't, as well as from renting out the network. Remember, the Soviets funded their foreign intelligence department in the 1920s and early 30s by convincing the Western Powers that there was a big anti-communist underground that just needed some money and they would be able to overthrow Lenin (and later, Stalin). Why shouldn't the company fund their software research by having a shell company offering to fix their damage?
True it didnt stop in the 30s either:
http://en.wikipedia.org/wiki/Iran-Contra_affair
hell im fairly sure were still getting suckerd by some war lords in afganistan.
IranAir Flight 655 never forget!
Nice! way to play to the mod system, that was awesome! I would now have to rate you +funny though, and well, that would mean I'd violate your eula... better prep your attourneys. Just in case they are ready,
I live @ 1313 mockingbird lane
Beverly Hills, CA 90210
(360)555-1212
How much is your data worth? Back it up now.
You need to know what people really mean when they call the police .....
"A man in a black Ford Escort wound his window down and offered to sell me some crack". Translation: I paid some money to a man in a black Ford Escort for some dope, and he drove o
College-Pages.com - Online Colleges, Degrees, and Programs