Researchers at Symantec have spotted the licence agreement in recent copies of Zeus, noting that one of the restrictions is that the malware "cannot be used for purposes other than which it was bought for".
Zeus buyers also "commit to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality".
Liam O'Murchu, of Symantec's security centre, said: "It is hard enough to enforce your copyright in the real world, not to mention trying to enforce them in the underground. Did the author really think this ploy was going to work?
"Despite the clear licensing agreement and associated warnings, this package still ended up being traded freely in underground forums shortly after it was released. It just goes to show that you can't trust anyone in the underground these days."
While legally unenforceable given the nature of the product the licence agreement does show the increasing professionalism and business focus of malware writers, and the way they are imitating legitimate business practices.
However, the writers have their own plans to enforce the agreement. The text warns that if the user breaks the conditions all technical support ends and the binary section of the software will be sent to security companies so that it can be blocked.
Malware carries end-user agreement
By Iain Thomson on Apr 30, 2008 7:32AM