Posted 19 April 2011 - 05:16 PM
Hi there Ted, glad you got cleaned up. As for the ne'er-do-wells responsible, certainly they can be arrested. In most countries releasing malware is a criminal act, the trouble lies with tracking the buggers down and that is very difficult. Even when the authorities know where a particular bit of malware is being controlled from, they still usually don't know who's controlling them.
Take, for example, the recent takedown of the notorious Rustok botnet. Microsoft, the largest software company in the world had to file a Federal lawuit, coordinate with US Marshal's to seize the command and control servers that were located in Missouri, Pennsylvania, Colorado, Illinois, Washington and Ohio and leased by people using an address in Azerbaijan. In order for the criminals to be brought to justice, there would need to be a large, ongoing and internationally coordinated investigation by at least the United States DOJ and the Azerbaijan Ministry of Justice, probably using INTERPOL as a go-between. Then there's extradition, for which the US and Azerbaijan have no treaty and this is all assuming that the culprits are actually in Azerbaijan.
The plain fact of the matter is that it is just too costly and labor-intensive to bring any but the most serious and prolific malware distributors to justice.