Lately, I’ve seen some people regularly sharing malware on Facebook. As long as the user clicks on it, it will automatically install on the user's device. This poses a risk to user privacy. So is it against the law to spread malware on Facebook? What are the regulations on prevention, detection, stoppage and handling of malware?
Looking forward to hearing from FDVN Law Firm. Thank you.
Thank you for concerning FDVN’s legal services. Base on your consulting requirements, after studying the legal documents, FDVN Law Firm offers the following advice:
 Is it against the law to spread malware on Facebook?
According to Article 7 of Law on Network Information Security 2015, the prohibited acts are as follows:
“Article 7. Prohibited acts
1. Blocking the transmission of information in cyberspace, or illegally intervening, accessing, harming, deleting, altering, copying or falsifying information in cyberspace.
2. Illegally affecting or obstructing the normal operation of information systems or the users’ accessibility to information systems.
3. Illegally attacking, or nullifying cyber information security protection measures of, information systems; attacking, seizing the right to control, or sabotaging, information systems.
4. Spreading spams or malware or establishing fake and deceitful information systems.
5. Illegally collecting, utilizing, spreading or trading in personal information of others; abusing weaknesses of information systems to collect or exploit personal information.
6. Hacking cryptographic secrets and lawfully enciphered information of agencies, organizations or individuals; disclosing information on civil cryptographic products or information on clients that lawfully use civil cryptographic products; using or trading in civil cryptographic products of unclear origin.”
Thus, the act of spreading malware on Facebook violates Law on Network information security. Accordingly. Persons who violate this regulation, depending on the nature and seriousness of the violation, shall be administratively sanctioned or brought into criminal accounts in accordance with the laws.
 Sanctioning violations
a) Sanctioning administrative violations:
Pursuant to Point b, Clause 6, Article 94 of Decree No. 15/2020/ND-CP on penalties for administrative violations against regulations on postal services, telecommunications, radio frequencies, information technology and electronic transactions:
“6. A fine ranging from VND 60,000,000 to VND 80,000,000 shall be imposed for the commission of one of the following violations:
a) Failing to provide adequate methods for refusal to receive promotional emails or messages;
b) Sending or spreading spam emails, spam messages and/or malware;
c) Creating a series of missed calls to entice users to make calls or send messages to numbers providing content services for personal gains or providing promotional information;
d) Operating or using service numbers or subscriber numbers for wrong purposes;
dd) Opening the function to dial, send/receive messages of toll-free service numbers/premium-rate service numbers.”
b) Criminal accounts
Pursuant to Article 286 of Criminal Code 2015, providing for acts of spreading programs harmful to computer networks, telecommunications networks, and electronic means:
“Article 286. Spreading software programs harmful for computer networks, telecommunications networks or electronic devices
1. Any person who deliberately spreads a software program that is harmful for a computer network, telecommunications network or an electronic device in any of the following circumstances shall be liable to a fine of from VND 50,000,000 to VND 200,000,000 or face a penalty of up to 03 years' community sentence or 06 - 36 months' imprisonment:
a) The illegal profit earned is from VND 50,000,000 to under VND 200,000,000;
b) The property damage caused by the offence is assessed at from VND 50,000,000 to under VND 300,000,000;
c) The harmful program is infected by 50 - 199 electronic devices or by an information system with 50 - 199 users;
d) The offender has incurred an administrative penalty or has an unspent conviction for the same offence.
2. This offence committed in any of the following circumstances carries a fine of from VND 200,000,000 to VND 500,000,000 or a penalty of 03 - 07 years' imprisonment:
a) The offence is committed by an organized group;
b) The illegal profit earned is from VND 200,000,000 to under VND 500,000,000;
c) The property damage caused by the offence is assessed at from VND 300,000,000 to under VND 1,000,000,000;
d) The harmful program is infected by 200 - 499 electronic devices or by an information system with 200 - 499 users;
dd) Dangerous recidivism.
3. This offence committed in any of the following circumstances carries a penalty of 07 - 12 years' imprisonment:
a) The offence is committed against a system of data which is classified information or an information system serving national defense and security;
b) The offence is committed against national information infrastructure; national grid control information system; banking or finance information system; traffic control information system;
c) The illegal profit earned is ≥ VND 500,000,000;
d) The property damage caused by the offence is assessed at ≥ VND 1,000,000,000;
dd) The harmful program is infected by ≥ 500 electronic devices or by an information system with ≥ 500 users.
4. The offender might also be liable to a fine of from VND 30,000,000 to VND 200,000,000 or prohibited from holding certain positions or doing certain jobs for 01 - 05 years.”
Thus, the person who conducts the act of spreading malicious software violates the laws. Depending on the nature and severity of the violation, he or she may be administratively sanctioned or criminally prosecuted under the mentioned regulations.
 What are the regulations on prevention, detection, stoppage and handling of malware?
Pursuant to Article 11 of Law on Network Information Security 2015 stipulating the prevention, detection, stoppage and handling of malicious software as follows:
“Article 11. Prevention, detection, stoppage and handling of malware
1. Agencies, organizations and individuals shall prevent and stop malware as guided or requested by competent state agencies.
2. The managing body of a national important information system shall put into operation technical and professional systems for preventing, detecting, stopping and promptly handling malware.
3. Enterprises providing email services or transmitting and storing information must have malware filtering systems in the course of sending, receiving and storing information via their systems and shall send reports to competent state agencies in accordance with law.
4. Internet service-providing enterprises shall take measures to manage, prevent, detect, and stop the spread of, malware and handle it at the request of competent state agencies.
5. The Ministry of Information and Communications shall assume the prime responsibility for, and coordinate with the Ministry of National Defense, the Ministry of Public Security and related ministries and sectors in, preventing, detecting, stopping and handling malware that affects national defense and security.”
Above is FDVN Law Firm's opinion for your consulting requests based on studying the relevant legal provisions. Hopefully, FDVN's advice would be helpful to you.
Legal advisor: Dinh Thi Thong
FDVN Law Firm
- Can paternal grandparents ban the mother to pick up her child(ren) to visit maternal grandparents after the divorce?
- CASE LAW NO.30/2020/AL REGARDING ACTS OF INTENTIONALLY DRIVING A VEHICLE OVER THE VICTIM AFTER A TRAFFIC ACCIDENT OCCURS
- CASE LAW NO.29/2019/AL REGARDING PROPERTY APPROPRIATED IN “ROBBERY”
- CASE LAW NO.28/2019/AL ON THE CASE OF MANSLAUGHTER UNDER PROVOCATION
- CASE LAW NO.27/2019/AL ON THE CASE OF ACCEPTANCE AND SETTLEMENT OF ADMINISTRATIVE CASES RELATED TO REAL ESTATE MANAGED AND ARRANGED BY THE STATE IN THE COURSE OF IMPLEMENTING THE HOUSING MANAGEMENT POLICY AND SOCIALIST RENOVATION POLICY BEFORE JULY 1, 199
- CASE LAW NO.26/2018/AL REGARDING DETERMINATION OF THE COMMENCEMENT OF THE STATUTE OF LIMITATION AND STATUTE OF LIMITATION FOR REQUESTING FOR DIVISION OF THE ESTATE BEING REAL ESTATES
- CASE LAW NO.25/2018/AL IN RESPECT OF RELIEF FROM DEPOSIT PENALTY DUE TO OBJECTIVE CAUSES
- CASE LAW NO.24/2018/AL REGARDING INHERITANCE CONVERTED INTO ASSETS UNDER THE LAWFUL OWNERSHIP AND USE OF INDIVIDUALS
- CASE LAW NO.23/2018/AL REGARDING VALIDITY OF THE LIFE INSURANCE AGREEMENT WHEN THE INSURANCE BUYER FAILED TO PAY PREMIUM DUE TO THE FAULT OF THE INSURANCE ENTERPRISE
- CASE LAW NO.22/2018/AL REGARDING NOT BREACHING THE OBLIGATION ON INFORMATION DISCLOSURE IN LIFE INSURANCE POLICY
- IS IT ILLEGAL FOR HOMEOWNERS TO COLLECT ELECTRICITY FARE AT A HIGH PRICE?
- FIDIC RED BOOK: A COMMENTARY (CONTEMPORARY COMMERCIAL LAW) – BEN BEAUMONT
- ACCOUNTING FOR PROFIT FOR BREACH OF CONTRACT – KATY BARNETT
- NORMATIVITY IN LEGAL SOCIOLOGY: METHODOLOGICAL REFLECTIONS ON LAW REGULATION IN LATE MODERNITY - REZA BANAKAR
- WILL BUSINESS HOUSEHOLDS NOT CARRYING OUT THE PROCEDURES FOR TEMPORARY CLOSURE BE FINED?
- A HISTORY OF INTELLECTUAL PROPERTY IN 50 OBJECTS 2019 – CLAUDY OP DEN KAMP AND DAN HUNTER