Malware Authors Use License Agreements to Protect Their Work

Malware authors are turning to end-user license agreements in an effort to protect their own intellectual property.


Liam OMurchu, a security researcher for Symantec, has documented the unusual development, focusing on the "help" section of the latest version of the Zeus malware.


While it's a little odd that the makers of an illegal product would threaten legal action against someone who illegally obtains that product, Zeus tries anyway.


The Zeus end-user license agreement reads, in part, "In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies."


According to OMurchu, the Zeus "help" section states that the client has no right to distribute Zeus in any business or commercial purpose not connected to the initial sale, cannot examine the source code of the product, has no right to use the product to control other botnets and cannot send the product to antivirus companies. It adds that the client agrees to "give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality."


While this might be a first for malware authors, creators of spyware programs, which differ in that their creators present themselves as businesses, have presented their own end-user license agreements, reportedly to protect the authors from prosecution under computer containment laws. However, spyware end-user license agreements have not yet been upheld in court.