I Don't Believe in Imaginary Property writes "The authors of the Zeus malware have added an end-user license agreement to their product. The buyer is, of course, permitted to infect as many computers with Zeus as they please, but they have no right to distribute it for 'any business or commercial purpose not connected with this sale,' and they can't examine the source, use it to control non-Zeus botnets, or send it to anti-virus companies. Oh, and they commit to paying for future upgrades, too — wouldn't Microsoft love to be able to add that term to their EULA. While it seems silly to imagine Zeus's authors going to the authorities for violations of this EULA, if they're anything like the Russian Business Network, they probably have an extra-judicial means of contract enforcement named Ivan. That said, this is by no means the first
EULA-encrusted malware."
Clearly you haven't heard of Astalavista [astalavista.net] (might have been.com, not sure), taking the piss out of Altavista [altavista.com] back when people still used it.. Twas a warez and serials site which eventually became overrun by popups, spyware, malware and other general nasties. In it's place became asta-killer [asta-killer.com] against all the nasties, although most of it's sites linked now distribute as many as they can..
My guess is that the original Malware was written by some nerd who wanted to make a few bucks, but the operation was taken over by a bigger boss who saw more of the picture - and the EULA is trying ti bolster the apparent legitimacy of what they are doing - or in some way provide the weakest of weak arguments to try to sue someone later who does a better job of what they are trying to do now.
While I want to stab em with a sharp stick like the next guy, got to say that they are covering all their bases nicely.
...to try to sue someone later who does a better job of what they are trying to do now.
How can you sue someone for doing a "better" job of an illegal thing based on an illegal thing you are doing? Isn't that like calling the cops to report that someone stole some dope from you?
You need to know what people really mean when they call the police.....
"A man in a black Ford Escort wound his window down and offered to sell me some crack". Translation: I paid some money to a man in a black Ford Escort for some dope, and he drove off laughing.
"They're serving under-age kids in the Lion". Translation: The barmaid in the Lion asked me for ID, which I haven't got because I'm under-age, but she served someone else who is younger than me.
By reading this email you hereby agree to the following conditions:
1) Allow all emails from our companies to reach your inbox, and you must read them
2) You in fact must forward these emails, or let our malware forward them for you
3)You must pay to have your genitalia enlarged with OUR products only, and you must continue paying for these products until you have the advertised girth and lenth
4) You will not delete our messages, in fact you will archive and catalogue them in an order pleasing to you
If they want to enforce their licensing, they can't be anonymous. I think I see a major opportunity for the Russian military to show their might and perform a few practice attack missions.
<DmncAtrny> I will write on a huge cement block "By accepting this brick through your window, you accept it as is and agree to my disclaimer of all warranties, express or implied, as well as disclaimers of all liability, direct, indirect, consequential or incidental, that may arise from the installation of this brick into your building." <DmncAtrny> And then hurl it through the window of a Sony officer <DmncAtrny> and run like hell
So is there an "I don't agree" button or cancel or something if you don't like the EULA? If so, wtf, kinda weak malware lol. If not, it's not a real EULA and won't stand up in court...not that it would anyway lol.
"By clicking on this email attachment, you agree to become a member of the Storm botnet indefinitely, and agree to never remove this bot. You further agree to remove all virus protection and open all ports on your computer.
Oh, and you have agreed to get a better internet connection. Seriously, how am I supposed to spam people over dial-up?
Malware creators already have "preferred partners" in the AV industry (i.e., those to whom they are paying cash bribes in order not to have their products detected by that particular brand of AV software) -- don't make the mistake of thinking the anti-malware industry is any less corrupt than the malware industry.
Now, their preferred partners will be offered money to detect certain malware.
It's all going to turn ugly. Very ugly..... I'm just glad my OS of choice is immune by design to the most comm
Does it come up with a "I Agree" "I Disagree" buttons like all other programs now ?
if so it would effect its spread rate since people would be able to disagree and therefore it should not install,
or
if you don't get the option to disagree or read it then it would cause problems when enforcing it legally.
I can't imagine anyone enforcing an agreement contract (in this case EULA) that is installed without the user actually consenting it to be installed?
I mean, if you knowingly install something that snoops on your system and agree to the EULA you need to be kicked in the proverbials, but if something sneaks onto your system without you knowing about it what chance does any user agreement have?
Personally, I would like to see someone take Zeus to court about intrusion of their system. Wonder what the outc
But... but... wait a damn minute. When I bought my last pc it had windows installed without my consent.
Sure, sure, I realize there is a bit of difference here, but it sounds like they are taking the same business track as MS did in the 90s... well, more or less.
Foist it on them, sue anyone who disagrees. Buy the dissenters that you can, consolidate, conglomerate, soon you'll be the largest malware pimp in the world!
Every time I have opened up a computer and started it up, I have been forced to click "Yes, I accept these license terms" when starting Windows the first time.
In fact, I believe that, since there is a phrase to the extent of, "If you don't accept this license, you may return it to the seller for a refund," you actually can get rid of MS junk (see this happy story [linuxworld.com])! Though, the follow up suggests that it is hard, if not impossible, to do this.
Actually the EULA only applies to the company that buys the malware to distribute it.
GP is answered by
In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies.
which covers the people the sell the botnet too, while i think that the article has a point when it says:
Data thieves and malware authors aren't going to win any "Most Likely to Respect Intellectual Property" competitions
Assuming that Zeus offers bespoke spyware for companies, or at least different enough that anti-virus companies cant detect them all from one sample (this is where its tricky because once the AV company has one sample they'll be able to figure out the rest), it is quite a good threat: if your big enough to pay for mallware your going to be big enough to do something with your network your not going to risk loosing your network
Infact this seams like a bigger threat than most EULA, your hitting them hard, unfortunately I think its just as flawed as a normal EULA, its simply impossible to enforce ( i mean vista not on virtualisation, mac on apple only hardware, it just dosent work)
Perhaps Zeus would be better off by making its money through some shady anti-zeus company that offers 100% protection from zeus.
In some countries in Europe there is a quite firm push towards "federal trojans" being installed in suspects computers. I wouldn't deem it impossible that removing them could be considered a crime by itself...
hell.... EVERY E.U.L.A. is invalid. You can't agree to a licence if it's inside a shrink wrapped box before you buy it!......
You can't use the software unless you agree to the EULA. The only way to agree to the EULA is to read it. Only way to read it is to open the Box. By opening the box you Agree to the EULA. Catch 22 without a law degree.
A EULA need not be a shrink-wrap contract. If you are shown the EULA before you download the software, it's not invalid. It may also be valid if you have the option to send the software back to the publisher for a full refund (cf ProCD v. Zeidenberg). So-called "clickwrap" licenses are also okay in many cases.
Some clauses of some EULAs are enforceable. But many are not.
But this particular EULA is clearly unenforceable (under common law at least) as the courts do not adjudicate disputes arising from criminal conduct. There is an ancient case where one thief sued another for failing to pay him his share of two pocket watched they stole.
I don't think they expect the EULA to be observed. They would be fools to expect that as they spend more time ripping each other off than their intended victims (no honor amongs
But instead you get a grammar Nazi. In the context of computers, MAC is understood to be an acronym for Media Access Control. Mac is an abbreviation for Macintosh.
Better luck with your case sensitivity next time... **Cue MICROS~1 fanboys**
Aren't EULA's essentially a form of contract? I'm not a lawyer, but I thought that any contract is not enforceable if its purpose is to achieve an illegal end; so, contracts involving malware would be void. http://en.wikipedia.org/wiki/Illegal_agreement [wikipedia.org]
The EULA can only be enforced (if at all) against the legal buyer of a license. Which is, in this case, the person licensing the trojan to infect machines. When your machine gets infected, or if you happen to be an AV researcher who gets his hands on one of these, you are not bound by the EULA. You didn't enter a license contract with the vendor of the malware. Yes, it feels odd to write this, not caring that something is malware and just trying to figure out the legal position. I wonder if this is how lawye
I think that it is trying to threaten potential hackers with what potential hackers would be scared of - having their hacks made useless. They are simply threatening to take away their work.
Spose it is in some funny 'honor amoung theives' way, cept that the honor is only extending as far as their peers, not the people they are actually letting this loose on - clearly there is no respect that extends that far.
Well, successful malware authors are already paying bakshish to their "preferred partners" in the anti-malware industry (which is by no means above this sort of thing) in order to allow their product to evade detection by specific products. It's possible that a mere code sample submitted by a rival malware gang would have to be accompanied by a bigger bribe than the original author paid in order to have any effect.
It's the same with taking out a contract for a hit. The person who wants you out of the
astala-vista (Score:2, Funny)
Re: (Score:2, Interesting)
New management: (Score:5, Insightful)
While I want to stab em with a sharp stick like the next guy, got to say that they are covering all their bases nicely.
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:3, Insightful)
"A man in a black Ford Escort wound his window down and offered to sell me some crack". Translation: I paid some money to a man in a black Ford Escort for some dope, and he drove off laughing.
"They're serving under-age kids in the Lion". Translation: The barmaid in the Lion asked me for ID, which I haven't got because I'm under-age, but she served someone else who is younger than me.
A EULA for Malware? (Score:3, Funny)
EULA for spam (Score:3, Funny)
1) Allow all emails from our companies to reach your inbox, and you must read them
2) You in fact must forward these emails, or let our malware forward them for you
3)You must pay to have your genitalia enlarged with OUR products only, and you must continue paying for these products until you have the advertised girth and lenth
4) You will not delete our messages, in fact you will archive and catalogue them in an order pleasing to you
5) B
Re: (Score:2)
Target Practice (Score:2)
Obligatory bash.org quote (Score:5, Funny)
Re: (Score:2)
Re:Obligatory bash.org quote (Score:5, Funny)
Parent
okay so... (Score:2)
Norton Anti-Virus (Score:5, Funny)
Re: (Score:2)
For fuck sake someone mod parent funny
I have my own EULA (Score:2, Insightful)
_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA
By looking at my ID, you hereby agree to mod me insightful from now on. click above to proceed.
_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA_EULA
Re: (Score:2)
EULA (Score:3, Interesting)
Honor amongst thieves (Score:2)
"By clicking on this email attachment, you agree to become a member of the Storm botnet indefinitely, and agree to never remove this bot. You further agree to remove all virus protection and open all ports on your computer.
Oh, and you have agreed to get a better internet connection. Seriously, how am I supposed to spam people over dial-up?
[Agree] [Own me] [Bend over]"
Something will give in 5 ... 4 ... 3 ... (Score:2)
Now, their preferred partners will be offered money to detect certain malware.
It's all going to turn ugly. Very ugly
Dont you have to agree to an EULA ? (Score:2, Interesting)
Re: (Score:3, Interesting)
I mean, if you knowingly install something that snoops on your system and agree to the EULA you need to be kicked in the proverbials, but if something sneaks onto your system without you knowing about it what chance does any user agreement have?
Personally, I would like to see someone take Zeus to court about intrusion of their system. Wonder what the outc
Re: (Score:2)
Sure, sure, I realize there is a bit of difference here, but it sounds like they are taking the same business track as MS did in the 90s... well, more or less.
Foist it on them, sue anyone who disagrees. Buy the dissenters that you can, consolidate, conglomerate, soon you'll be the largest malware pimp in the world!
Re: (Score:2, Interesting)
In fact, I believe that, since there is a phrase to the extent of, "If you don't accept this license, you may return it to the seller for a refund," you actually can get rid of MS junk (see this happy story [linuxworld.com])! Though, the follow up suggests that it is hard, if not impossible, to do this.
Re:Removing malware == DMCA violation, the next st (Score:5, Interesting)
GP is answered by
if your big enough to pay for mallware
your going to be big enough to do something with your network
your not going to risk loosing your network
Infact this seams like a bigger threat than most EULA, your hitting them hard, unfortunately I think its just as flawed as a normal EULA, its simply impossible to enforce ( i mean vista not on virtualisation, mac on apple only hardware, it just dosent work)
Perhaps Zeus would be better off by making its money through some shady anti-zeus company that offers 100% protection from zeus.
Parent
Re: (Score:2)
Re: (Score:2, Funny)
Re: (Score:2)
EULA (Score:2)
What's next, warrantees on IEDs?
Like the late Walt Kelly's Pogo said, "common sense ain't so common no more".
Re: (Score:2)
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Re: (Score:2)
In mine, you can't forfeit certain rights. Notably the one to decompile.
Re: (Score:3, Interesting)
Re: (Score:2, Informative)
Better luck with your case sensitivity next time... **Cue MICROS~1 fanboys**
Re: (Score:2)
It could be that some network specialists love the MAC address , and are therefor MAC fan boys .
Re: (Score:2, Funny)
Re: (Score:2)
Re: (Score:3, Funny)
[ ] Accept
[ ] Yes
Re: (Score:2)
His name is Bubba, actually.
Now I know.
Re: (Score:2)
Bubba The Terrible, first tzar of Alabama. He's one mean mofo, plays a banjo while his victims fry in an oversized skillet.
Re: (Score:3, Funny)
EULA (Score:2, Funny)
Windows?
Re: (Score:2)
Re: (Score:3, Insightful)
Any ACTUAL lawyers here care to comment?
what precedence? (Score:2)
Re: (Score:2)
Yes, it feels odd to write this, not caring that something is malware and just trying to figure out the legal position. I wonder if this is how lawye
Re: (Score:2)
Spose it is in some funny 'honor amoung theives' way, cept that the honor is only extending as far as their peers, not the people they are actually letting this loose on - clearly there is no respect that extends that far.
Re: (Score:2)
It's the same with taking out a contract for a hit. The person who wants you out of the