Case study - successes and failures apprehending malware authors

Raymond A. Pompon HCL CapitalStream

Most malware authors operate with impunity; very few are prosecuted. Based on the author's first-hand experience with a decade's worth of malware cases, several organizational behaviour factors for successful malware prosecution become evident. Some of these factors are already part of the known body of best practices for incident response, such as promptness and partnerships, while other factors include resolve and awareness. This paper will examine a variety of cases, including the very successful Christopher Maxwell botnet prosecution. The points of view of the individuals directly involved in these cases will be explored, including the perspectives of the organizational staff and leadership, the FBI case agents and the prosecuting attorneys. The paper will look at the cases with respect to the differences between generic incident response and responding to a malware infection. The paper will examine the critical behaviours that organizations can implement to help apprehend and successfully prosecute malware authors.
