Probably the last thing you expect from people selling malware is an end-user agreement, that legal device to preserve copyright. But researchers at Symantec,to their astonishment, have spotted one on copies of Zeus malware. According to the company, the conditions that are imposed include one stating that it "cannot be used for purposes otherthan which it was bought for" and another where buyers "commit to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for addingadditional functionality." Of course, you can’t enforce an end-user agreement on malware. But it’s a sign that those behind it want at least the gloss of respectability.According to Symantec’s Liam O’Murchu, "It is hard enough to enforce your copyright in the real world, not to mention trying to enforce them in the underground. Did the authorreally think this ploy was going to work? Despite the clear licensing agreement and associated warnings, this package still ended up being traded freely in underground forums shortly after it wasreleased. It just goes to show that you can’t trust anyone in the underground these days." But the people behind Zeus do have a sting in the tail. Where someone flouts the agreement, theywarn that they’ll end tech support and send the binary part of the software to security companies for blocking.
