Slashdot Mirror
EULAs For Malware
I Don't Believe in Imaginary Property writes "The authors of the Zeus malware have added an end-user license agreement to their product. The buyer is, of course, permitted to infect as many computers with Zeus as they please, but they have no right to distribute it for 'any business or commercial purpose not connected with this sale,' and they can't examine the source, use it to control non-Zeus botnets, or send it to anti-virus companies. Oh, and they commit to paying for future upgrades, too — wouldn't Microsoft love to be able to add that term to their EULA. While it seems silly to imagine Zeus's authors going to the authorities for violations of this EULA, if they're anything like the Russian Business Network, they probably have an extra-judicial means of contract enforcement named Ivan. That said, this is by no means the first
EULA-encrusted malware."
My guess is that the original Malware was written by some nerd who wanted to make a few bucks, but the operation was taken over by a bigger boss who saw more of the picture - and the EULA is trying ti bolster the apparent legitimacy of what they are doing - or in some way provide the weakest of weak arguments to try to sue someone later who does a better job of what they are trying to do now.
While I want to stab em with a sharp stick like the next guy, got to say that they are covering all their bases nicely.
Moved to http://soylentnews.org/. You are invited to join us too!
hell.... EVERY E.U.L.A. is invalid. You can't agree to a licence if it's inside a shrink wrapped box before you buy it!...... You can't use the software unless you agree to the EULA. The only way to agree to the EULA is to read it. Only way to read it is to open the Box. By opening the box you Agree to the EULA. Catch 22 without a law degree.
Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
GP is answered by In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies. which covers the people the sell the botnet too, while i think that the article has a point when it says: Data thieves and malware authors aren't going to win any "Most Likely to Respect Intellectual Property" competitions Assuming that Zeus offers bespoke spyware for companies, or at least different enough that anti-virus companies cant detect them all from one sample (this is where its tricky because once the AV company has one sample they'll be able to figure out the rest), it is quite a good threat:
if your big enough to pay for mallware
your going to be big enough to do something with your network
your not going to risk loosing your network
Infact this seams like a bigger threat than most EULA, your hitting them hard, unfortunately I think its just as flawed as a normal EULA, its simply impossible to enforce ( i mean vista not on virtualisation, mac on apple only hardware, it just dosent work)
Perhaps Zeus would be better off by making its money through some shady anti-zeus company that offers 100% protection from zeus.
IranAir Flight 655 never forget!
If, as suggested in this article's hypothetical situation, Microsoft were to write a EULA for malware, it would be pretty ridiculous. Oh, wait...
McCain/Palin '08. Now THAT's hope and change!
Norton AV has always had a EULA. The Zeus EULA is nothing new...
Excuse me, but please get off my Pennisetum Clandestinum, eh!