Feeds

Malware license agreement tells it straight

'FU' sucker

3 Big data security analytics techniques

You normally need a law degree and the patience of Job to make sense of End User License Agreements (EULAs).

These seldom-read legal screeds have a reputation for being both hard to fathom and often one-sided in protecting the rights of software suppliers. So it's refreshing to find an agreement that gets straight to the point without wasting users' time scrolling down through something they aren't going to read anyway.

hotelcodec.com says it like it is.

A license agreement for a malware-bundled codec from hotelcodec.com simply says: "FUCK YOU".

We're indebted to Stopbadware.org, a "Neighbourhood Watch" campaign aimed at fighting malware for bringing this example of plain English to our attention. "While we appreciate hotelcodec.com's concise EULA, we don't suggest that users install their codec on their machines," Stopbadware.org advises.

Hotelcodec.com connects to a site called tvcodec that prompt users to download a "codec" that supposedly improves video and audio quality. The hotelcodec1000.exe application offered up contains the Zlob Trojan (AKA DNSChanger), as confirmed by tests we carried out at VirusTotal (see screen shot here).

Anti-virus detection is patchy for now, but the site is well on its way to being blacklisted by security services such as McAfee SiteAdvisor, as you can see here. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.