Together with information on the regulation of the rights and obligations of the parties, they may include a disclaimer of liability for possible damage or loss of profit of the end user due to improper operation of the programs. In addition, such documents may contain requirements that oblige users to provide certain confidential data, as well as other equally important conditions. At the same time, to start working with applications, it is almost always necessary to accept these conditions, even if they are controversial. However, we are so used to the same type of licensing agreements for computer programs that we rarely read these long and boring documents. Almost always, users automatically accept all of their provisions, without thinking about the possible consequences.
Surprisingly, licensing agreements are found even in malicious applications. Firstly, virus writers compose them directly for users of Trojans and other dangerous programs. In this case, their customers know about the purpose of such software. Secondly, agreements can be created to disguise Trojans as harmless applications in order to deceive potential victims or try to avoid problems with the law.
What do virus writers write in licensing agreements and what do users propose to agree to?
The creators of Trojans and dubious software do not reinvent the wheel. They report exactly the same as the developers of "normal" programs. Only the wording is sometimes not so polished. The clauses of the agreements may differ depending on the imagination of virus writers, but in general they are standard. They stipulate the conditions for the provision of the service, the rights and obligations of the parties, and in especially “correct” texts there may even be a disclaimer. Everything is like the developers of legal applications.
Consider an example of one of these license agreements. It is designed for buyers of the styler Trojan, which cybercriminals sell on the black market.
The virus writers tried to relieve themselves of all responsibility and, as they apparently seem to avoid the attention of law enforcement agencies. Firstly, in the agreement they report that all the information they provide is supposedly for informational purposes only. And this is despite the fact that they sell malware and do not hide it. Secondly, the authors of the styler claim that they do not call for a violation of the law and are not responsible for the actions of their clients. However, the creation of a Trojan and its sale are automatically subject to article 273 of the Criminal Code of the Russian Federation (“Creating, Using, and Distributing Malicious Computer Programs”). Therefore, no matter how these (and other) virus writers play with wording and formal replies, they will not be able to avoid problems with the law.
By the way, information security specialists - researchers, participants in various IT conferences, etc., find themselves in a similar situation. Their creation of malware concepts (PoC), demonstration exploits, and other academic developments also violates the law in terms of criminal law. Even if they were made for demonstration, educational or research purposes.
Consider another example. This is not a complete license agreement, but a set of rules from the developer of a software packer sold on underground Internet sites.
Packers for executable files are common. Among other things, they are widely used to protect against unfair competition in the software market - anti-debugging and reversing. However, there are instances that are created to specifically counter antiviruses. Like the white packers, they also protect programs. But these programs are by no means harmless, but malicious. So in the case under consideration.
The author (or authors) of the specified packer proudly reports a decrease in the effectiveness of detection by antiviruses when it is used, actually admitting a violation of the law. Indeed, according to paragraph 1 of the already familiar article 273 of the Criminal Code of the Russian Federation, the neutralization of computer information protection is a crime. And the packer they sell is designed specifically for the unauthorized neutralization of antiviruses - it hides malicious code from them.
The developers of the packer declare that they are not responsible for the actions of their customers. But it is unlikely that they do not understand that ultimately it is virus writers who will use their services.
And here are excerpts from a more elaborate license agreement. It accompanies a Trojan that installs unnecessary software and other malicious applications on infected devices. One important detail: far from all potential victims will see this text - there is an agreement only for some Trojan builds that are distributed through certain partner services.
What is interesting about this agreement? Firstly, it says that by installing this software, the user agrees to remotely administer his computer. In fact, he will allow unknown persons to do anything. This is a potential theft of confidential data and money, using the system as a proxy server, spamming, etc.
Secondly, the user agrees to receive application updates, which according to the text of the agreement can be anything. Knowing that the Trojan’s main function is to install other malicious programs and unnecessary software, it’s easy to guess which “updates” it will install.
As with the agreements discussed earlier, this also contains a standard limitation of liability. But, unlike most other texts, the termination of the restriction is allowed here, if it is contrary to the legislation of the user country. However, such points are meaningless. If the laws of a country impose penalties for the creation and distribution of malware, it will by default void any formal disclaimers.
Due to legal regulation and increasing attention to the malware market by law enforcement agencies, more and more virus writers are paying attention to legal issues. As a result, the number of Trojans and other dubious applications is increasing, the authors of which supply them with license agreements or lists of rules for using software similar to them. And these agreements themselves increasingly contain clauses that, according to their authors, should protect against possible accusations of breaking the law. Nevertheless, if one or another program is malicious, neither the disclaimer nor the presence of any special conditions in user agreements will help the authors to avoid punishment.
Users are advised to carefully read the texts of the agreements, especially if they belong to little-known or dubious programs. This can help avoid potential problems - for example, not becoming a victim of scammers, not becoming an unwitting distributor of malware, and saving your money.