Malware is a broad term used to describe software whose purpose
is to damage computers or steal information from users. Symantec
has found one maker and seller of illegal malware, though, who is
trying to use the law to defend his potential earning power.
A product called Zeus has been identified by Symantec as a form
of malware known as a Trojan horse, designed to steal sensitive
information from infected users' computers. It has been detected
arriving with an email that purports to be an update for customers
sent by ABN-AMRO bank, according to the security firm.
Purchasers of Zeus (not to be confused with software firm Zeus
Technology) can use it to steal data from others. The malware will
intercept an infected user's keyboard input, capture screenshots
and redirect internet traffic, then pass all the data to a remote
site chosen by the purchaser.
Because malware is commonly distributed among criminals without
payment, the unidentified authors of Zeus have written an End User
Licence Agreement, or EULA. The agreement says, in Russian, that
licensees do not have the right to redistribute the software or its
source code to third parties. It also says that they must pay for
updates to the software.
Malware becomes far less effective once anti-virus companies
such as Symantec have been given copies, because they can then
secure subscribers' computers against it. The EULA prohibits
users from sending "any portion" of the software to anti-virus
companies.
In the UK, writing software for use in connection with fraud can
result in a sentence of up to 10 years under the Fraud Act 2006.
Given that a malware-selling company would be unlikely to seek
court protection for intellectual property rights in its illegal
software, the company has had to think of another sanction for
people it discovers have redistributed its software.
"In cases of violations of the agreement and being detected, the
client loses any technical support," said the agreement, in
Symantec's translation. "Moreover, the binary code of your bot will
be immediately sent to antivirus companies."
A 'bot' is a software robot, something that Zeus helps its
purchasers to create.
The phenomenon was discovered by Symantec researcher Liam
O'Murchu, who documented it in his blog.
"It is hard enough to enforce your copyrights in the real world,
not to mention trying to enforce them in the underground," he
wrote. "Despite the clear licensing agreement and the associated
warnings, this package still ended up being traded freely in
underground forums shortly after it was released. It just goes to
show you just can’t trust anyone in the underground these
days."