This may be a little broken, it was originally sent in response to a question posed to me asking for my opinion regarding the legal aspects reference using the Geocities page. This is not competent legal advise, just my understanding as a publisher, and a person who has been involved in the Internet for over 10 years. I will be in contact with a lawyer familiar with Internet law, if nothing else, just for my own education. The infected user first downloaded Fizzer embedded within another file, presumably either on KaZaa, or via email attachment. KaZaa posts their Terms of Service, which includes the statement that any user understands they may also receive other files not included in any posting of file names, that is, they may also download malicious or other unwanted files, and that they do so at their own risk. At that point, should the user choose to download and run files, they have given their implied consent. Once the infected file is downloaded and opened, installing it into their computer, the infected file has a "call home" feature written into it by the author of Fizzer, which periodically allows the program to access a remote server to automatically update itself. There are many instances of legal programs which also have this feature, so the notion of a program "calling home" is generally understood to be an accepted action. (My HP does that, or did, until I disabled the port it uses) The program would then download any updates posted on the server, at the IP that is set within the program routine itself. This still falls into the "implied consent" rule, as the user is allowing the program to do as it was intended. In the case of the original Fizzer author, the intention was to give a malicious program updates which would sustain the operation of the program, causing further harm to other users and networks. By accessing the Geocities site, as provided within the Fizzer, and replacing the update with another series of commands that in effect disable Fizzer, any person placing such files would reasonably be acting within the original intent of the Fizzer author, that is to say, supplying updates to the existing program. That the update causes Fizzer to become disabled is of little consequence, as the user has by implied consent allowed any and all further modifications to be implemented to Fizzer. While it is the intent of the original author to cause harm, the persons responsible for the modification which in effect shuts down Fizzer are acting on the premise that they are doing so for the good of all. The original Fizzer author also built into Fizzer the ability to connect to various IRC networks, and join particular chat rooms, in order to be further controlled by remote command. The end user, having consented to downloading and installing Fizzer, therefore by implied consent, agrees to allow any and all commands to be issued to their computer via said IRC channels. One example of remote cleaning of computers can be found at http://housecall.antivirus.com The long and the short of it is, no one is "modifying" any computer, they are only carrying out the original authors intent of updating Fizzer. That it in effect causes Fizzer to cease to be of further harm is of benefit to all, and would be seen in most courts as an action for the common good. I am aware of several other less publicized actions taken of the same sort, this being the first of its kind as far as coverage by media. It is more a matter of ethics rather than a legal issue, I believe. Ethically, I think it is justified. I think it is an innovative, and proper solution to a problem and may have far reaching effects beyond disabling one malicious program. The author of the IRC Junkie article does raise a valid point, that the actions taken do raise legal issues, and with Internet Law a new field, quite a lot of what we do is new to the legal profession, and the law will adapt to this new medium, for the most part, borrowing from current legal precedents. On another point, it would be fairly simple to track the original Fizzer author, Geocities should have the IP of whoever first set up the site. I can only hope they are cooperating with investigative agencies.