Here's a list of U.S. state laws:http://www.ncsl.org/default.aspx?tabid=13487
As an example, here's California:The crime:
( c) Except as provided in subdivision (h), any person who commits
any of the following acts is guilty of a public offense:
(8_) Knowingly introduces any computer contaminant [defined to include viruses, worms, etc.] into any
computer, computer system, or computer network.
(4) Any person who violates paragraph 8 of subdivision (c) is
punishable as follows:
(A) For a first violation that does not result in injury, a
misdemeanor punishable by a fine not exceeding five thousand dollars
($5,000), or by imprisonment in a county jail not exceeding one year,
or by both that fine and imprisonment.
(B) For any violation that results in injury, or for a second or
subsequent violation, by a fine not exceeding ten thousand dollars
($10,000), or by imprisonment in a county jail not exceeding one
year, or by imprisonment pursuant to subdivision (h) of Section 1170,
or by both that fine and imprisonment.[b]From 1170 (h):
(h) (1) Except as provided in paragraph (3), a felony punishable
pursuant to this subdivision where the term is not specified in the
underlying offense shall be punishable by a term of imprisonment in a
county jail for 16 months, or two or three years.
I can't imagine any law only making it a crime to introduce new malware into a system. This would give people carte blanche to install any malicious software as long as they didn't write it. In fact, the law is the other way around. You can create any software you want and write How-To articles detailing virus/worm techniques; that's all covered by freedom of speech. But, if you actually send out a virus or worm you're committing a crime.
BS in IT: Security, CISSP, CEH, EnCE. MS in progress.