But worm authors are hardly absolved of blame. By putting their code freely on the Web, virus writers essentially dangle temptation in front of every disgruntled teenager who goes online looking for a way to rebel. A cynic might say that malware authors rely on clueless script kiddies the same way that a drug dealer uses 13-year-olds to carry illegal goods -- passing the liability off to a hapless mule.
''You've got several levels here,'' says Marc Rogers, a former police officer who now researches computer forensics at Purdue University. ''You've got the guys who write it, and they know they shouldn't release it because it's illegal. So they put it out there knowing that some script kiddie who wants to feel like a big shot in the virus underground will put it out. They know these neophytes will jump on it. So they're grinning ear to ear, because their baby, their creation, is out there. But they didn't officially release it, so they don't get in trouble.'' He says he thinks that the original authors are just as blameworthy as the spreaders.
Sarah Gordon of Symantec also says the authors are ethically naive. ''If you're going to say it's an artistic statement, there are more responsible ways to be artistic than to create code that costs people millions,'' she says. Critics like Reitinger, the Microsoft security chief, are even harsher. ''To me, it's online arson,'' he says. ''Launching a virus is no different from burning down a building. There are people who would never toss a Molotov cocktail into a warehouse, but they wouldn't think for a second about launching a virus.''
What makes this issue particularly fuzzy is the nature of computer code. It skews the traditional intellectual question about studying dangerous topics. Academics who research nuclear-fission techniques, for example, worry that their research could help a terrorist make a weapon. Many publish their findings anyway, believing that the mere knowledge of how fission works won't help Al Qaeda get access to uranium or rocket parts.
But computer code is a different type of knowledge. The code for a virus is itself the weapon. You could read it in the same way you read a book, to help educate yourself about malware. Or you could set it running, turning it instantly into an active agent. Computer code blurs the line between speech and act. ''It's like taking a gun and sticking bullets in it and sitting it on the counter and saying, 'Hey, free gun!''' Rogers says.
Some academics have pondered whether virus authors could be charged under conspiracy laws. Creating a virus, they theorize, might be considered a form of abetting a crime by providing materials. Ken Dunham, the head of ''malicious code intelligence'' for iDefense, a computer security company, notes that there are certainly many examples of virus authors assisting newcomers. He has been in chat rooms, he says, ''where I can see people saying, 'How can I find vulnerable hosts?' And another guy says, 'Oh, go here, you can use this tool.' They're helping each other out.''
