Professional virus writers are now selling a suite of software on the Internet with an unusual attachment: a detailed licensing agreement that promises penalties for redistributing the malicious code without permission.
"I just kind of chuckled -- it's kind of humorous," said Zulfikar Ramzan, senior principal security researcher with Symantec Corp.
Symantec researchers noticed a Russian-language example floating around the Internet and wrote about it on the company's official blog this week. They said it's the only example they've seen.
The software is used to infect computers and control them remotely. The zombie machines can be used to pump out spam, launch more attacks or steal personal information from their owners.
Networks of zombie machines -- known as "bot nets" -- can be extremely lucrative, sometimes bringing millions of dollars in profit for their authors and their distributors. To maximize that profit, the software analyzed by Symantec's researchers contained the following rules:
-The customer can't resell the product, examine its underlying coding, use it to control other bot nets or submit it to antivirus companies and agrees to pay the seller a fee for product updates.
-The threat: Violate the terms, and we'll report you ourselves to the antivirus companies by giving them information about how to dismantle your bot network or prevent it from growing bigger.
While not legally binding, the terms amount to a novel way to protect ill-gotten profits -- except that by ratting out their customers, malware authors risk drawing attention to their own enterprises and giving antivirus makers clues on combating them.
"We know they can't actually enforce it, and they probably wouldn't try," Ramzan said. "What's funny is they put more effort into their EULA (end-user license agreement) than traditional software companies might."The ultimate rub? Apparently the threat was not only hollow but unheeded. Symantec said the program that's accompanied by the novel rules is being traded freely online -- and so far its authors haven't called Symantec to make good on their threat.