As economic activity accelerates the problem of junk e-mail is developing into a serious problem for business, writes Karlin Lillington

It arrived in e-mail boxes over the weekend, designed to startle computer users into clicking on what purported to be a video of a US missile strike against Iran and the start of a third world war.

Seasoned e-mail users probably guessed what it was - a spammed communication with an attached form of virus called a trojan (because it secretly enters a computer, then executes its payload). They wisely hit delete, probably without ever reading the contents and without executing the attached file.

For those who fell for the ruse, and didn't have adequate protection on their PCs, welcome to the botnet. Your PC has very likely been taken over for use by criminal gangs who will use it to send out further malicious or fraudulent e-mails or otherwise cause problems for computer users and websites.

Many such botnets are ultimately rented out to spammers, who use them to bring even more unwanted e-mail into the world's inboxes.

"Increasingly, we are seeing spammers moving from being one-man bands to criminal gangs, and that is causing a huge increase in spam," says Phelim O'Connell, managing director of IE Internet, an Irish hosting and security company that tracks spam attacks in Ireland.

"Spammers are no longer guys in a trailer park, trying to sell Viagra, but gangs hiring out their services." They are also, as the third world war e-mail demonstrates, increasingly sophisticated in choosing topical subject lines that will encourage recipients to open their e-mails.

In January, another trojan flooded into Europe directly in the wake of that month's serious storm, purporting to carry video about storm-caused death and destruction, and carrying subject headers such as "230 dead as storm batters Europe". Internet security companies like F-Secure, which track the spread of such viruses, said the European storm virus was highly successful.

The first incidences of the trojan were spotted on monitored networks in Kuala Lumpur and spread rapidly across the globe - indicating millions of computers were probably added to botnets.

Attacks tend to come from countries where broadband links are plentiful, as a PC with an always-on broadband connection is not only ideal for launching attacks but also vulnerable to attacks; many people never use a firewall to protect their connection, believing anti-virus software is all they need.

Wireless networks are often left open and vulnerable too, which can lead to spammers driving around until they find an open wireless connection and launching an attack through it, O'Connell says. And those whose computers end up on botnets may find their own e-mails don't get delivered because their supposed spamming causes their internet protocol address - the series of numbers that forms the internet address of their computer - to end up on global ban lists.

O'Connell claims 25-35 per cent of all Irish computer users end up on such lists at one point or another, often fleetingly. But, he notes, businesses have found their e-mails bouncing back to them for this reason. IE Internet has set up a free blacklist service where computer users can check whether they are on a ban list, at www.blacklist.ie.

Security companies from Sophos and F-Secure to Symantec all say that gang involvement is upping the rate of spam e-mail.

Last month saw the heaviest volume of spam ever - junk e-mail comprised over 60 per cent of the average inbox, according to IE Internet.

US technology analyst IDC estimates that sometime this year, spam will outnumber the legitimate communications people receive. That makes it far more than a minor annoyance, especially because so much spam these days has a fraudulent intent,whether it be 419 scams (so called for the country code for Nigeria, where many of the scams originated) or "pump-and-dump" scams, where recipients are tipped off to a supposedly hot penny stock. If enough people buy and the share price rises, the scammers sell their shares at a profit and the price crashes.

US based Nucleus Research this week estimated that spam costs US firms $71 billion (€52.6 billion) annually, or some $712 per employee.

Nucleus said that filtering tools are getting better at catching spam, but two out of every three spam e-mails still reach the inbox. That's depressing news for businesses and home computer users.

Meanwhile, an entire black market is being created around the stuff. O'Connell says special "bullet-proof hosting services", many of them in China, offer hosting for the transient websites and domain names from which spammers sell their drugs, cigarettes, pornography and other wares.

Can spam ever be stopped? O'Connell feels better technical controls will emerge, but notes that volumes would quickly drop if hosting companies and ISPs followed best practice in the way they configure servers and manage e-mail for clients.