The Problem with EULAs Some apps are being distributed with secret Bitcoin-mining software embedded in them.Coins found are sent back to the app owners, of course.And to make it legal, it's part of the end-user license agreement (EULA): COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security.Any rewards or fees collected by WBT or our affiliates are the sole property of WBT and our affiliates.This is a great example of why EULAs are bad.The stunt that resulted in 7,500 people giving Gamestation.co.uk their immortal souls a few years ago was funny, but hijacking users' computers for profit is actually bad.Posted on December 5, 2013 at 6:58 AM • 25 Comments ← Evading Airport Security Heartwave Biometric → Photo of Bruce Schneier by Per Ervland.Schneier on Security is a personal website.Opinions expressed are not necessarily those of IBM Resilient.

As the Bitcoin bubble inflates to over $1,000 per unit, legions of newcomers are scrambling to join the digital gold rush.For some companies, that means accepting the currency at online checkout counters; for others, it means releasing PC hardware designed to "mine" new Bitcoins at blistering rates.But an unscrupulous few have turned in a more sinister direction, covertly converting users' hardware into Bitcoin-mining zombies.The E-Sports Entertainment recently agreed to pay a $1 million settlement after secretly installing Bitcoin mining software on more than 14,000 computers nationwide.But this holiday weekend, the makers of the superb Malwarebytes anti-malware software shined a light on a new type of malicious miner—one that announces its plans right in the installation agreement.Malwarebytes says that the "Your Free Proxy" software by We Build Toolbars, LLC, includes the innocently named "Monitor.exe," which not-so-innocently "beacons out constantly, waiting for commands from a remote server, eventually downloading the [jhProtominer mining software] and installing it on the system."

Bitcoin mining is an intensive process that strains your CPU and GPU alike, to the point of drastically slowing down your system (depending on your setup).bitcoin wallet eigene adresseSecret commands and secret Bitcoin mining software installed by slyly named executables just screams "MALWARE!"elveszett bitcoinMalwarebytes scrounged up the following interesting tidbit in Your Free Proxy's EULA: COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security.bitcoin law enforcementYep, Your Free Proxy flat-out says it plans to thrash your CPU in a quest for digital gold, literally banking on the fact that no one—no one—reads EULAs or TOS agreements.

Malwarebytes has labeled We Build Toolbars' software as a "Potentially unwanted program," or PUP."In my opinion, PUPs have gone to a new low with the inclusion of this type of scheme, they already collected information on your browsing and purchasing habits with search toolbars and redirectors," Malwarebytes' Adam Kujawa wrote."They assault users with pop-up ads and unnecessary software to make a buck from their affiliates.Now they are just putting the nails in the coffin by stealing resources and driving user systems to the grave."If you don't like the idea of shady software putting your PC's pedal to the metal under your nose, grab a solid anti-malware program and read up on how to protect your PC against the Web's most devious security traps.(Yes, Malwarebytes is in there.)This episode drives home another point, as well: Make it a point to read the EULA of any software you install—or at least utilize the services of a legalese scanner like the superb EULAyzer donationware.To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.

This is an archived post.You won't be able to vote or comment.NewsMojang are starting to crack down on servers infringing the EULA.(self.Minecraft)submitted by Hi, ', regarding their purchases available from their websites being against the terms laid out in the EULA.They then list out all issues they find with the server, their suggested fixes, and give you 7 days to respond stating that you are going to comply, otherwise legal action may follow.Both of the emails that I have personally seen have come from the same Mojang Brand Enforcement Agent, 'Brandon Andersson'.My first reaction was to think that an email spoofing service had been used, as emails are scarily easy to fake, but after analysing the headers of multiple of these emails, they all point to being legitimate.The ISP that the emails originated from is the ISP that Mojang uses, and many online email address validators see the address as valid.I've spent quite a while looking through these headers, and nothing appears out of the ordinary.

Around this time last year Mojang started cracking down on 'Minecraft clones' on mobile app stores that used assets from the game, and now it appears they are closing in on server admins that don't follow the EULA.Thanks, Me4502 (CraftBook Lead Developer and Sponge Staff) π Rendered by PID 129564 on app-241 at 2017-06-23 23:48:43.252921+00:00 running 3522178 country code: SG.Computer users are being warned about "scam" apps which stealthily use their PC's resources to "mine" Bitcoins - by getting permission in a lengthy user agreement.The security company Malwarebytes says that it has come across a program which silently used more than half of a user's computer power to perform the complex calculations required to generate the virtual currency, whose value has skyrocketed this year to around $1,000.Adam Kujawa at Malwarebytes says that the move is one step on from the typical "Potentially Unwanted Programs" which offer browser toolbars and search agents that capture user data and pass it back to the companies, which then use that to serve adverts.

This time, though, the program "installs a Bitcoin minter on the user system, not just for a quick buck but actually written into the software's EULA [End User Licence Agreement].This type of system hijacking is just another way for advertising based softeare to exploit a user into getting even more cash."The relevant part of the EULA says: COMPUTER CALCULATIONS, SECURITY: as part of downloading a Mutual Public, your computer may do mathematical calculations for our affiliated networks to confirm transactions and increase security."Talk about sneaky," comments Kujawa.He points out that this means the owner of the software would not share any proceeds of the work with the PC's owner.Yet the efforts of the app writers - and the PC owners - may be wasted.The amount of processing power now being used to try to mine Bitcoins have increased exponentially in the past year, so that it now requires dedicated ASIC processing rigs to generate Bitcoins in any reasonable period.It's now almost impossible to mine Bitcoins using a standard PC CPU - and even "botnets" of CPUs aren't able to compete against the dedicated rigs in terms of computing power.