The people who write the software for creating zombie nets are trying to protect their intellectual property. Redistribution is prohibited, as is examining the code, etc. If you’ve seen an end user license, you’ve seen it.
According to their blog, Symantec found the license on some Russian software:
The terms of this licensing agreement place the following restrictions on the client (the buyer). (The below is not a word-for-word translation.)
2. The Client:
1. Does not have the right to distribute the product in any business or commercial purposes not connected with this sale.
2. May not disassemble / study the binary code of the bot builder.
3. Has no right to use the control panel as a means to control other bot nets or use it for any other purpose.
4. Does not have the right to deliberately send any portion of the product to anti-virus companies and other such institutions.
5. Commits to give the seller a fee for any update to the product that is not connected with errors in the work, as well as for adding additional functionality.
Looks pretty normal, apart from the subject matter, doesn’t it?
Now, bizarrely, comes the “threat”:
To give anti virus companies the binary code, if they breach the license…
As a lame threat, this one was lamer than most. Symantec says the thing was being traded happily online after it was released.
To clarify this position-
1. You’re the person who wrote this nasty code,
2. You know who you sold it to,
3. You have the technical ability to find out to whom it was on-sold.
4. You go to the trouble of putting a license and related threat on your code.
…And nobody gives a damn.
This is pretty strange, because most real hackers aren’t toothless. They’re capable of doing serious damage. Yet whoever this was knew where to sell their stuff, which means knowing the market pretty well, because these are not terribly social people, and don't advertise. Whoever made the bot builder just wasn't taken seriously.
The code, of course, by now will have been sprayed all over the net, analyzed, copied, reworked, improved, and maybe put in a museum somewhere. From hacker to charity isn’t a big step, apparently.
According to the Sydney Morning Herald, Symantec are pretty amused.
"We know they can't actually enforce it, and they probably wouldn't try," Ramzan said. "What's funny is they put more effort into their EULA (end-user licence agreement) than traditional software companies might."
Suggestion: Look for a very upset, out of pocket, Russian IT guy who works for a law firm.