Distribution of malicious software, otherwise known as malware, is accomplished in a variety of ways. They include email attachments and spam emails containing links to websites that secretly install the malware on the victim’s computer. Viruses, Trojan Horses, Rootkits, and Backdoors are all forms of malware.
If someone distributes malware they may be guilty of Unauthorized Use of a Computer, an offense that applies when someone has gained access to a computer without the owner’s knowledge or permission. It is a Class A misdemeanor punishable by 1 year in prison and / or a fine of up to $1,000. Even if the person never gained access to the machine, the malware did, and the person may be held liable. Computer Tampering charges, which are laid when someone uses a computer without permission and intentionally changes or destroys the owner’s data, can also apply, especially if the malware infects a critical file, boot sector, or partition sector. The penalty depends on the degree of the offense. The most severe, Computer Tampering in the First Degree, can be punished by 15 years in prison.
Both federal and state legislation deal with the intentional formation and release of malware. The federal computer fraud and abuse statute, 18 U.S.C. 1030, criminalizes conduct that compromises protected computer systems (systems in banks, government institutions, or in a position to affect U.S. commerce). Subsection (a)(5) specifically addresses damage due to malware distribution. Penalties range from one year in prison and / or a fine of not more than $100,000 for a first time offender to 20 years and / or a $250,000 for a repeat offender who causes extensive damage.
- Computer Hacking
- Computer Trespass
- Computer Tampering
- Criminal Possession of Computer-Related Material
- Unlawful Duplication of Computer-Related Material
If convicted of distributing malicious software, the nature and duration of the punishment depend on the extent of the damage inflicted. Because a person is looking at approximately 5 years in prison and / or a $250,000 fine if convicted, they should hire a criminal defense attorney with experience in defending those accused of federal crimes.
If the defendant can show that the malware was distributed unintentionally (i.e. their system was infected) they may have a viable defense. Duress, entrapment, and mental defect, if proven, are also mitigating factors.
On May 19, 2014, the FBI New York Field Office and the U.S. Attorney’s Office for the Southern District of New York announced the unsealing of an indictment against Alex Yucel ( a Swedish national ) and the guilty plea of Michael Hogue, U.S. citizen, both of whom developed a piece of computer malware known as Blackshades. Blackshades was sold and distributed worldwide and used to infect more than half a million computers. An individual who helped sell the software and two purchasers who used it to infect others’ computers were also arrested.