The criminals who sell the Zeus malware have added an end-user license agreement to their "product," setting out a bunch of terms controlling how the criminals who buy their products may use it, and threatening dire technological reprisals for violations:
Symantec security researcher Liam OMurchu has details on this latest development. The help section of the latest version of the Zeus malware states that the client has no right to distribute Zeus in any business or commercial purpose not connected to the initial sale, cannot examine the source code of the product, has no right to use the product to control other botnets, and cannot send the product to anti-virus companies. The client does agree to "give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality." Modern license agreements take a great deal of (deserved) fire for being absurdly draconian, but even the likes of Adobe and Microsoft don't claim that purchasing a version of their respective products locks the user into buying future editions.
It's obviously difficult for the manufacturers of an illegal product to threaten legal sanctions against an infringer, but the Zeus authors give it their best shot. According to the EULA, "In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies." Frankly, "We'll blow your kneecaps off and feed them to you," might be a bit more effective as a threat, but I suppose it's a bit hard to carry out that threat over the Internet.
(via /.)
