The Register® — Biting the hand that feeds IT

Malware license agreement tells it straight

'FU' sucker

You normally need a law degree and the patience of Job to make sense of End User License Agreements (EULAs).

These seldom-read legal screeds have a reputation for being both hard to fathom and often one-sided in protecting the rights of software suppliers. So it's refreshing to find an agreement that gets straight to the point without wasting users' time scrolling down through something they aren't going to read anyway.

hotelcodec.com says it like it is.

A license agreement for a malware-bundled codec from hotelcodec.com simply says: "FUCK YOU".

We're indebted to Stopbadware.org, a "Neighbourhood Watch" campaign aimed at fighting malware, for bringing this example of plain English to our attention. "While we appreciate hotelcodec.com's concise EULA, we don't suggest that users install their codec on their machines," Stopbadware.org advises.

Hotelcodec.com connects to a site called tvcodec that prompts users to download a "codec" that supposedly improves video and audio quality. The hotelcodec1000.exe application offered up contains the Zlob Trojan (AKA DNSChanger), as confirmed by tests we carried out at VirusTotal (see screen shot here).

Anti-virus detection is patchy for now, but the site is well on its way to being blacklisted by security services such as McAfee SiteAdvisor, as you can see here. ®

Latest Comments

@Doc Dish

You have my sympathies. I relish the thought of those developers finally being forced to face reality someday (or fired). If you haven't already done so, you might see if Software Restriction Policy has something to offer you on WinXP and Vista clients:

http://technet.microsoft.com/en-us/windowsvista/aa940985.aspx


@mechBgon

I would SO love to have non-Administrator user accounts, but unfortunately developers still exist that think "All my user-base are belong to Administrators" (sorry) - especially in the niche market of Healthcare.

I find myself asking every day "why does your crappy little database NEED the user to have God-like power over their desktop?" It's very disillusioning...


Zlob is not DNSChanger, and furthermore...

The EULA shown here is not the one that an end user would see if he were suckered into installing and running the hotelcodec Trojan from an actual affiliate site. It's just the EULA you see if for some reason you go straight to hotelcodec.com and download the dummy file like a newbie. ;)

The "real" hotelcodec.com Trojans are DNSChanger. Zlob is not "aka DNSChanger"; they are different families, although the tactic used to get users to run them is the same.

As for hotelcodec.com being blacklisted, it is already more than halfway through its lifecycle (the Zlob and DNSChanger gangs typically rotate the hosting domains out after just a few days), and SiteAdvisor's glacial 2-4 week reaction time is far too slow to be much use against current "live" Zlob and DNSChanger domains. Too little, too late. I specialize in doing SiteAdvisor reviews on Zlob and DNSChanger, so this is a bit frustrating ;)

The best blanket defense against these Trojans, aside from user education, is the one that's free, doesn't need definition updates, and is already sitting there waiting to be put into effect: non-Administrator user accounts. http://www.mechbgon.com/security2.html

