Selling malware in the underground marketplace is big business for black hats. Some have turned to copyrights and licenses in an effort to try to protect their revenue streams.
One might think that malware authors don't stand a chance of enforcing any type of copyright or licenses on their malicious code. However, that might not be the case. According to Symantec, some malware authors have threatened to convert their foes - namely anti-malware solution makers - into allies.
Symantec recently had a close look at a malware package called Zeus and found that it included a somewhat typical license agreement that restricts the user from redistributing or reverse engineering the package, among other restrictions.
However, the license agreement also came with a not-so-subtle warning: Should anyone be found in violation of the copyright or license then the developers threaten to send copies of the violating code to anti-virus companies.
At that point the anti-virus companies would most likely begin creating detection methods, which in turn would reduce the ability of the violating party to spread their malware. That sounds like a pretty strong threat, however Symantec pointed out that even with such a notice people began openly trading copies of the Zeus malware package on underground forums. And of course, Symantec security solutions can detect and remove the malware.