In our first post , we noted the dramatic growth over the past several years in the incidence of cybercrime that victimizes Americans. One of the most striking examples of this trend is the threat from botnets — networks of victim computers surreptitiously infected with malicious software, or “malware.” Once a computer is infected with the malware, it can be controlled remotely from another computer with a so-called “command and control” server. Using that control, criminals can steal usernames, passwords, and other personal and financial information from the computer user, or hold computers and computer systems for ransom. Criminals can also use armies of infected computers to commit other crimes, such as distributed denial of service (DDoS) attacks, or to conceal their identities and locations while perpetrating crimes ranging from drug dealing to online child sexual exploitation. The scale and sophistication of the threat from botnets is increasing every day. Individual hackers and organized criminal groups are using state-of-the-art techniques to infect hundreds of thousands — sometimes millions — of computers and cause massive financial losses, all while becoming increasingly difficult to detect. If we want security to keep pace with technological innovations by criminals, we need to ensure that we have a variety of effective tools to combat evolving cyber threats like these.