Malware is a broad term used to describe software whose purpose is to damage computers or steal information from users. Symantec has found one maker and seller of illegal malware, though, who is trying to use the law to defend his potential earning power.
A product called Zeus has been identified by Symantec as a form of malware known as a Trojan horse, designed to steal sensitive information from infected users' computers. It has been detected arriving with an email that purports to be an update for customers sent by ABN-AMRO bank, according to the security firm.
Purchasers of Zeus (not to be confused with software firm Zeus Technology) can use it to steal data from others. The malware will intercept an infected user's keyboard input, capture screenshots and redirect internet traffic, then pass all the data to a remote site chosen by the purchaser.
Because malware is commonly distributed among criminals without payment, the unidentified authors of Zeus have written an End User Licence Agreement, or EULA. The agreement says, in Russian, that licensees do not have the right to redistribute the software or its source code to third parties. It also says that they must pay for updates to the software.
Malware becomes far less effective once anti-virus companies such as Symantec have been given copies of it, because they can then secure subscribers' computers against it. The EULA prohibits users from sending "any portion" of the software to anti-virus companies.
In the UK, writing software for use in connection with fraud can result in a sentence of up to 10 years under the Fraud Act 2006. Given that a malware-selling company would be unlikely to seek court protection for intellectual property rights in its illegal software, the company has had to think of another sanction for people it discovers have redistributed its software.
"In cases of violations of the agreement and being detected, the client loses any technical support," said the agreement, in Symantec's translation. "Moreover, the binary code of your bot will be immediately sent to antivirus companies."
A 'bot' is a software robot, something that Zeus helps its purchasers to create.
The phenomenon was discovered by Symantec researcher Liam O'Murchu, who documented it in his blog.
"It is hard enough to enforce your copyrights in the real world, not to mention trying to enforce them in the underground," he wrote. "Despite the clear licensing agreement and the associated warnings, this package still ended up being traded freely in underground forums shortly after it was released. It just goes to show you just can’t trust anyone in the underground these days."