What is the purpose of antivirus companies? They produce tools to detect and remove malicious software on a large number of computers. Their basic process is pretty simple. They collect samples of new malicious software from various sources, including the general public. You, too can send a piece of software to antivirus companies if you suspect it might be malicious. Each sample will be analyzed by the antivirus company. If it really is malicious, a signature will be produced and disseminated to all users of the company’s products through an automated mechanism. After receiving the new signature, antivirus software is capable of detecting the new malicious software and often also stopping it from working in one way or the other.
Sounds innocent, but the bad guys discovered this might be a suitable infrastructure to enforce end-user license agreements. If you rent a botnet and fail to comply with its operators‘ terms, they threaten to forward your bot to antivirus companies. I really like that idea, although I see a couple of pitfalls here, as do the guys who originally reported this.
According to the Motion Picture Association of America (MPAA) this seemingly innocent 32-digit hexadecimal number is verboten. Slashdot reports they sent out DMCA takedown notices (sample at chillingeffects.org) to several sites that spread the number 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0.
The DMCA, or Digital Millennium Copyright Act is a U.S. copyright law. A takedown notice is a letter or other message that a legitimate copyright holder can send to an internet service provider, requesting that specific infringing material be taken off the Net.
So why and how would an association of the motion picture, home video and television industries attempt to maintain and defend their copyright in a 32-digit hexadecimal number, 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0?