[mkagenius]

I doubt the type of bug will matter unless people need license to sell trojans by law.

[tptacek]

"Type of bug"? Sorry, I don't follow.

[sillysaurus3]

Banking trojans. They're saying that the DOJ might convict people for selling trojans in the course of their security work.

I think the "selling" part is the problem, not the writing. Don't sell trojans and you won't go to jail. Seems pretty clear.

[weaksauce]

I'd say making them is legal and using them on systems you own is completely legal... selling them or using them on machines you are not allowed to access are illegal. Giving them away to someone that sells them or uses them to commit a crime would be a grey area but likely illegal.

[ShabbosGoy]

Is selling Trojans illegal? If so, why are companies like Punkbuster and nProtect allowed to develop anticheat software?

A lot of AC software runs in ring0 and behaves a lot like a Trojan. I remember nProtect specifically injecting DLLs into explorer.exe among other nasty "black hat" techniques.

[sillysaurus3]

It's a difference in kind, not degree. The trojan in this case was meant to harvest banking and Amazon logins.

[ryanlol]

Intent matters.