Despite being a crucially important domain for states, businesses, and individuals, cyberspace still suffers from a regulation deficit. This article takes up one such dangerously underregulated area: cyber warfare and regulation of cyber weapons. For that purpose, the authors first analyse the threats posed by weaponised malicious code, including some examples of its use and potential considerations that could sway states towards engaging in a multilateral cyber weapons regulation regime. These considerations are then converted into some major principles and points to be regarded should a potential cyber weapons convention be contemplated. These are subsequently further elaborated in light of the Chemical Weapons Convention, particularly with regard to specific provisions and possibility of adoption. The article concludes with the assertion that an international agreement is feasible in principle, but its focus should be on regulating the ways of employing cyber weapons rather than on the specific weapons themselves.