Criminal and cybercrime laws regarding malware and a malware virus can be a little tricky, and unfortunately there are many loopholes that can make it difficult to prosecute an offender using malware or a malware virus.
For example, many malware virus victims are located within the United States and are actually victimized by a third party using malware from outside of the country. Because the offender is outside of the country, that means that he or she is outside of legal jurisdiction and cybercrime laws, which then can make the chance of prosecuting a cybercrime perpetrator slim to none.
Additionally, because the number of infections tend to be so massive, it may be hard to track down just how many people were infected and where the exact source of the virus or worm came from. This also makes the chance of catching anyone trying to spread a malware virus very slim.
Although it is hard to prosecute, it is still against criminal laws and cybercrime laws to use a malware virus. According to United State law and cybercrime laws, it is a Federal crime to use a malware virus with the intention of harming a computer without authorization. Although a malware virus can be harmful and it is illegal to use malware, there is still debate over whether or not it should be illegal to possess malware.
Just a few years ago, Europe actually passed a law that makes it illegal both within the country and with their cybercrime laws to possess malware, and now other countries are starting to consider if the same law should apply to them. However, the U.S. chose not to enforce these cybercrime laws against possessing malware.
Many argue that perhaps it is because malware is simply a "tool" and is not necessarily a crime to own it. Others feel that perhaps it has to deal with the issue of free speech and that certain kinds of malware can be used as a harmless way of communicating