back to article VXers slap copyright notices on malware

Malware authors have lifted a page from the legit software industry's rule book and are slapping copyright notices on their Trojans. One Russian-based outfit has claimed violations of its "licensing agreement" by its underworld customers will result in samples of the knock-off code being sent to anti-virus firms. The sanction …


This topic is closed for new posts.
  1. Anonymous Coward
    Dead Vulture

    Technical Support

    .....In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies....

    Also, Boris and Dmitri will make unannounced "on-site technical support visits" with an AK-47 and 4 kg of Semtex.

    And you though FAST visits were intimidating....

  2. KarlTh


    Just surreal. It's like a bizarre comedy universe. You couldn't make it up.

  3. Henry Cobb

    So Symantec only detects malware which has been leaked?

    It is considered useful to clue Symantec in to malware which is already active enough for the Russian virus writers to have themselves already spotted it?

    Symantec isn't expected to be able to spot it by themselves?

    I wonder how well they'd be doing if they didn't have the firm support of these Concerned Local Citizens.

  4. Steve Woods

    Copyleft anyone?

    Haven't these folks heard of the GPL?

    Mine's the one with Stallman is God written on the back...

  5. mh.


    Contracts made for illegal purposes such as fraud or extortion are void under common law, so good luck with that one. Also, court records are public knowledge and it would be tricky for botnet herders and their clients to remain anonymous if one decided to sue the other. Personally I'd like to see it if a case like this ever did come to court.

  6. Urs Keller

    Pirates pirating the pirates ...

    ... and thereby making writing malware economically less attractive? Could that spell the end of malware as we know it?

    Sounds too good to be true.

  7. Anonymous Coward

    Re: Enforcement

    The folks that write and sell these ain't exactly the Boy Scouts.

    I doubt they'll have much patience for the legal process anyway.

    Around these parts, we don't mess with the Russians.

    It's the one with the wide yellow stripe down the back...

  8. TEQ


    Doesn't malware 'freely distribute' itself as part of its job description?

  9. Mark Broadhurst


    if you are a Malware writer and your software makes a few trips around the net and wrecks havok on hundreds of machine people can sue the copyright holder right?

  10. Rick
    Paris Hilton


    If this is copyright protect there is some kind or govermental agency involved? If so why the hell is there no arrests or convictions? Come on now these people have to be the biggest f@#$tards ever.

    /> Paris cause she can relate to these idiots trying to "That's HOT!!"

  11. Gwyn Kemp-Philp


    I suspect 'breach of contract' would have a slightly different meaning to virus creators than it does to us ordinary mortals.

    Failure to observe the contract is more likely to arise from not bothering to read the End Loser Agreement that a desire to mix it with the Czars of destruction.

    And I should think penalty clauses are likely to be more 'imaginative'.

  12. Gordon Fecyk
    Thumb Up

    @Henry Cobb: Yep, that's about right

    "Symantec isn't expected to be able to spot it by themselves?"

    Actually, they're not. No one expects Symantec as a company to detect and analyze this code, and release an update to catch it. Let alone remove the thing.

    People buy Symantec AV with failure in mind. "Every­one else believes anti­virus soft­ware must fail to stop some viruses — and so they build failure into their 'solutions.'" -- Rob Rosenberger

  13. A J Stiles

    To Be Expected

    Virus creators already have "preferred" AV vendors, whom they bribe not to detect their products. Now they will have to deal with other virus creators paying larger amounts **to** detect them .....

    Expect something to give anytime soon.

  14. noodle heimer

    this is probably around whaling and spearfishing

    This is probably about installing keyloggers and remote control services more than self-propogating code. You can buy malware to put in an email or host on a website; the goal is not to spread like a virus (thereby giving copies of itself to security firms) but to remain in use in a limited pool of interesting machines and be unlikely to be picked up.

    The professional malware industry periodically seed malware into residential IP space to find out if a/v companies are hiding honeypots in them. They know if there are honeypots there, since all of a sudden the signature blocks recognize unreleased malware. (Saw a great slide illustrating a post to a malware forum on this topic a few months ago.)

    This is the kind of stuff that folks pay reasonably well for, and is likely to be undetected for months after its initial release (unless there's good network reporting and someone has time to read the sensors and has time to analyze, rather than simply reimage, a compromised machine and they have time to find the original source of infection and escalate that to their a/v vendor. How many machines are you administering? How many of the above processes are automated and hence efficient at most companies? Just the reimaging one. Guess which one managent favors over forensics?)

    I see malware sent to users with titles at and above director, and the a/v on server never sees it, and the a/v product on the workstation never sees it. The best stuff is the stuff embedded in word documents, since there's no way to tell the corner offices that henceforth, we're blocking .doc at the gateway. The outbound filter often does block it phoning home. Does it always? Of course not.

    Samples of these targeted malware loads submitted to symantec, mcafee, etc. shortly after their purchase would cost the client who'd violated the EULA dough. It would likely lead to earlier detection of the stuff, and an awareness that the CFO's password at the payroll site was blown. Generating new malware is basically free; once you've got the tools to flip a bit in your malware, or repack it with a different packer, you're going to bypass the next signature update and be able to supply your compliant customers with a/v evading product. But if your target is now extra-suspicious, you may not get a second chance to install a keylogger on that CFO's system.

    The threat of reporting to the a/v community is a pretty good one. All that a/v can do by itself is react to past threats; you buy it because you have to, and because a lot of malware is crap software that does re-use enough chunks of old attack methods that it may be picked up.

  15. Paul
    Gates Horns

    GPL? Nah, freebsd botnet

    the GPL is too restrictive for me, that's why I use only botnets with FreeBSD licenses!

    coat? yes, I'm taking yours, the one with the wallet in it!!!

  16. Henry Wertz Gold badge

    Re: Enforcement

    The contract may be legally null and void, but apparently the contract terms HAVE been enforced. It's in the hands of an antivirus company after all.

    What *I* wonder is, how many of these types of toolkits are out that have NOT been picked up by antivirus companies (presumably because the purchaser followed the purchase agreement)?

  17. This post has been deleted by its author

  18. Anonymous Coward

    I have a feeling...

    ...that if you screw around with a Russian malware gang, the repercussions are probably somewhat beyond civil court action...

  19. Gordon Fecyk

    @A J Stiles, re: AV firm bribery? Not likely.

    "Virus creators already have 'preferred' AV vendors, whom they bribe not to detect their products."

    As much as I dislike the anti-virus industry, I have to side with them on this one. As much as the industry qualifies as a cartel, there's still fierce competition between them, and something like 'accidentally' releasing a virus is going to get pounced on.

    There was speculation after September 11th 2001 whether American AV firms would avoid detecting viruses created by the American FBI. That speculation turned into a major publicity SNAFU for the industry, and AV industry supporters quickly reversed their position:

    Further speculation loomed on whether the MPAA / Hollywood would ask American AV firms to avoid detecting anti-piracy viruses developed by the MPAA. Symantec's Chris Paden made their position very clear:

    "Our main concern is for our customers. We don't care who has been attacking our customers. We are going to deploy all of our defenses to meet it."

    So if Hollywood wants to attack US pirates, they'll have to go through the anti-virus industry to do it.

    The anti-virus cartel has more important things to do than take bribes from virus writers.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019