BlackShades Arrests: A Watershed Event?

Experts Size Up the Impact of International Crackdown


The cooperation among international law enforcement agencies that led to the arrests of more than 90 individuals in 16 nations for their alleged involvement in the use of BlackShades malware is a sign of significant progress in the global fight against cybercrime, some security experts say (see: Malware Takedown Leads to 90 Arrests). But others question whether even a sizable crackdown can have much of a long-term impact on the proliferation of malware.

"The key isn't the size, but the degree to which multiple countries cooperated and coordinated their efforts to carry out a global law enforcement action as a single, integrated event," says Alan Brill, senior managing director at security advisory firm Kroll Solutions.

"For too many years, cybercriminals have depended on the lack of cross-border law enforcement cooperation and coordination to provide themselves with what they considered to be safe havens for their activities," he says. "The kind of cooperation and joint activity we saw in this operation should shake that belief."

Brill is hopeful that the connections made in planning and executing this international operation will provide the beginnings of a structure for better coordinating crackdowns against those who use, distribute and develop malware.

Payments fraud expert John Buzzard, who oversees FICO's Card Alert Service, notes: "Cybercrime doesn't have a boundary, and therefore our law enforcement efforts have to involve coordinated efforts like this over multiple countries and agencies. This is an excellent example of what cooperation can lead to."

And Brill suggests that this week's law enforcement activity "should be a warning to criminals, or those who think that they can get away with cybercrime, that wherever they are, the chances of being caught and prosecuted have just gone up."

How Big an Impact?

But Ed Ferrara, vice president and principal analyst at Forrester Research, points out that even a massive arrest can only have a relatively minimal impact on the worldwide proliferation of malware. "The number of arrests in this case is impressive, as well as the demonstrated cooperation between law enforcement from different countries; but this is one victory in a large-scale conflict," he says.

Ferrara also says the arrests apparently targeted "soldiers" and not "generals." He adds: "This is similar to the war against drugs. Low-level dealers get busted but the kingpins and cartel 'market makers' remain free."

Anton Chuvakin, a research vice president at the consultancy Gartner, predicts the international takedown will have a minimal impact on the use of malware for fraud.

"The criminal ranks have swollen enough so that one group being arrested would barely be a drop in the bucket," he says. "The odds still favor the criminals quite a bit: Make money now for sure and maybe get arrested later - but most likely not."

But the arrests may have a deterrent effect on low-level hackers, Buzzard acknowledges. "Arrest activity always slows the proliferation of high-profile crimeware. It doesn't stop it completely, but it definitely gives would-be users some reason to pause and contemplate their next move."

Worldwide Malware

BlackShades malware has been sold to thousands of individuals throughout the world, according to Europol, the European Union's law enforcement agency that took part in the crackdown.

One of the versions of the malware, BlackShades RAT (Remote Access Trojan), enables users to remotely and covertly gain complete control over a victim's computer, Europol says. Once the RAT is installed on a victim's computer, its user can access and view documents, photographs and other files, record all of the keystrokes entered and even activate the webcam on the victim's computer, all without the victim's knowledge, Europol says.

In a recent case in the Netherlands, an 18-year-old used the BlackShades malware to infect at least 2,000 computers, Europol says.

BlackShades could also be used to carry out large-scale distributed-denial-of-service attacks, according to Europol.