Outrageous EULA - from a botnet vendor

Posted on April 29, 2008 - 13:14 by egeorge

The "Symantec Security Response blog": today features a bizarre end user license agreement (EULA) - not for a legitimate piece of software, but for a bot builder sold in the criminal black market.

Many of the restrictions the bot vendor places on its customers are straightforward enough, but without the ability to resort to actual laws to enforce their EULA, the botmakers take a more direct approach. Symantec translates the threat for noncompliance with the EULA from Russian:

bq. In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies.

As Symantec notes, none of this has stopped the software from being traded in underground markets. No word on whether security companies have been flooded with bot binary code reports from mysterious sources recently.

No Scrolling Necessary

Posted on August 8, 2007 - 17:49 by bweeks

Here at we're constantly finding examples of common badware attacks. One well used avenue for attack is the bundling of badware into codecs. Through a bit of social engineering these programs will pose as some end-all be-all solution to your problems; from saving you marriage to entertaining you, they'll do it all! The opposite is usually the case, of course, but we usually get a kick out of the kind of ridiculousness that they will presume to solve. Today while looking at a codec offered at, we discovered that they held no such pretensions; as their EULA clearly stated:

While we appreciate's concise EULA, we don't suggest that users install their codec on their machines.