Good point DA, would you then logically assume it is either A) the level of the payload's intervention in the infected system or B) the programming language level that would determine the threat posed by a particular malware?

I'm not jerkin' yer chain, I am seriously curious because this has been a pet project of mine for a few years. If anyone knows of a VERY serious math-magician who can handle comples probabilities and calculations that border on the insane I would seriously like to talk with them - PM or e-mail me about it for more.

Back on topic. What truly defines the actual "threat" of a malware? And futher, what would decide the intent? I am drawing a conclusion that it is really based on how intrusive the malware becomes. Is this a wrong assumption? We already know the idea of a malware causing actual damage is out of reach (for now...) but damage defined as loss of time, data, service, etc. Would a damaging program alone demonstrate intent and therefore show that the writer is more deserving a punishment?

There are so many other areas we could get into but I will stop to stay on topic.

Regards