Pentesters and ethical hackers should be mindful of the many laws that relate to the deployment and use of malware. Malware has drawn increasing legal attention as it has evolved from the relatively harmless nuisances of its early days into something far more malicious and capable. The creation and use of malware have led to the enactment of some very strict laws, and many countries have passed or amended legislation to deter it.

In the United States, the laws that have been enacted include the following.

The Computer Fraud and Abuse Act
This law was originally passed to address federal computer-related offenses and the unauthorized access (cracking) of computer systems. The act applies to cases involving federal interests, such as computers belonging to the federal government or to financial institutions. It also covers computer crime that crosses state lines or jurisdictions, which in practice brings nearly any Internet-connected system within its reach.

The Patriot Act
This act expanded the powers already granted under the Computer Fraud and Abuse Act. It raised the penalties for damaging protected computers to up to 10 years in prison for a first offense and 20 years for a subsequent offense. It also allows damage to multiple systems over the course of a year to be aggregated when determining whether total losses exceed the $5,000 threshold, so a campaign that causes only minor harm to each individual victim can still meet the bar for prosecution.

CAN-SPAM Act
This law was designed to curb the spread of spam: unsolicited, mass-mailed commercial messages that harass or badger recipients into purchasing products or services. It sets requirements for commercial email, such as accurate header and subject-line information and a working opt-out mechanism, and it matters to malware because spam remains a common delivery vehicle for malicious attachments and links.

Each country has approached the problem of malware a little differently, with penalties ranging from jail time to potentially steep fines for violators.
In the United States, individual states such as California and West Virginia, along with a host of others, have also put in place laws designed to punish malware perpetrators, so a pentester must consider state law in addition to the federal statutes above.