Although nearly 63,000 viruses have rolled through the Internet, causing an estimated $65 billion in damage, criminal prosecutions have been few, penalties light and just a handful of people have gone to prison for spreading the destructive bugs.

A Minnesota teenager was arrested Friday, accused of disseminating a version of “Blaster.” But investigators scrambling to trace that infection, along with “Sobig” and other computer viruses face a daunting challenge: an incredibly hard-to-track international crime set in an obscure and anonymous environment.

They also say they are hampered by antiquated laws and, for many years, a winking or even admiring attitude toward virus creators.

One person has been sent to prison in the United States and just two in Britain, authorities say. But the low numbers are “not reflective of how seriously we take these cases, but more reflective of the fact that these are very hard cases,” said Chris Painter, the deputy chief of computer crimes at the U.S. Department of Justice.

Beginning Nov. 1, the consequences will be harsher; the U.S. Sentencing Commission has written tough new punishments for certain types of computer crimes. A virus sender who intends to cause death — by tying up 911 emergency telephone lines, for example — could face a life sentence.

But the senders have to be caught first, and that, say prosecutors and computer security experts, can be almost impossible.

“If the perpetrator is semi-sophisticated, they can easily mask their trail,” said Elliot Turrini, former federal prosecutor in Newark, N.J.

He prosecuted David Smith, currently serving a 20-month sentence for sending a virus — “Melissa,” named after a stripper Smith knew. Smith, then 30, was captured with the help of AOL technicians, but not before his virus caused more than $80 million in damage.