[unisog] Significant Rogue DNS Activity To 85.255.112.0/22 (thanks to the "FreeVideo Player" Trojan)

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Nov 17 23:27:17 GMT 2006


On Fri, 17 Nov 2006 15:32:22 CST, Brian Eckman said:

(Thanks for a great analysis...)

> (Interestingly, I mention that the EULA appears somewhat
> professional-looking. Reading it, there are a few clues that this
> software is at least shady, if not overtly malicious. First off, the
> Licensor is never defined. It claims to be a legally binding agreement,
> but it never claims who you are bound to. They claim that you must abide
> by the intellectual property laws, but never say where the origin of the
> software is, or what nation's law it claims to be under. Based on this,
> along with other observations, while I am not a lawyer, I am doubtful as
> to whether or not the EULA is enforceable in the US.)

The devious part of my mind wonders if in fact, they never *intended* for
the EULA to be enforcable, but are merely doing some very clever social
engineering, by leveraging the meme "Legitimate software always has a EULA
you just click through".  If it didn't have a EULA, people might get a little
suspicious....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.sans.org/pipermail/unisog/attachments/20061117/5134330c/attachment.bin 


More information about the unisog mailing list