Friday December 5, 2008 7:43 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Malware > Malware carries end-user agreement

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Advance Notification for December 2008
MS07-068 - Critical: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) - Version:2.3

CERT/CC

Latest Comments

"Excellent info. If you use Gumtree Australia you will see many obvious scam posts in all ..."

on Scammers target online car buyers, warns ACCC

by Marian Imrie | Dec 5, 2008 4:45 PM

"Very nice and useful information. UT4B4. Tape4backup.com"

on Weighing the options for securing back-up data

by Lto-4 Tape | Dec 4, 2008 9:23 PM

"Interesting that you do not bother to list the one AV that has consistently passed the VB100. ..."

on Latest VB100 malware test brings good news

by Ben | Dec 4, 2008 6:00 PM

"I like this"

on AVG update deletes critical Windows file

by nanwin | Dec 3, 2008 3:05 PM

"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."

on Shavlik Technologies to broaden its patch management offerings

by Werner K | Nov 26, 2008 8:36 PM

Malware

Malware carries end-user agreement

By Iain Thomson
Apr 30, 2008 11:27 AM
Tags: Malware | carries | end-user | agreement

Researchers at Symantec have spotted the licence agreement in recent copies of Zeus, noting that one of the restrictions is that the malware "cannot be used for purposes other than which it was bought for".

Zeus buyers also "commit to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality".

Liam O'Murchu, of Symantec's security centre, said: "It is hard enough to enforce your copyright in the real world, not to mention trying to enforce them in the underground. Did the author really think this ploy was going to work?

"Despite the clear licensing agreement and associated warnings, this package still ended up being traded freely in underground forums shortly after it was released. It just goes to show that you can't trust anyone in the underground these days."

While legally unenforceable given the nature of the product the licence agreement does show the increasing professionalism and business focus of malware writers, and the way they are imitating legitimate business practices.

However, the writers have their own plans to enforce the agreement. The text warns that if the user breaks the conditions all technical support ends and the binary section of the software will be sent to security companies so that it can be blocked.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Malware carries end-user agreement

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management