The most important element in information security is the people involved. Even the best-considered security can be undermined if users share their passwords or allow outsiders to gather sensitive configuration details. Perhaps the most obvious of the "user-related problems" is caused by people opening virus attachments in emails - now the most common way for malicious software to make its way into and through protected networks.
In fairness to the users, these virus attachments have become increasingly persuasive. Yes, there are still a number of the primitive and clumsy email messages similar to the "I Love You" attack and related versions - including a recent spate of messages inviting users to visit particular web sites to chat with sexy young people - from where a virus could be surreptitiously downloaded onto the user's computer. But increasingly these viral emails are using more imaginative tricks.
One recent development is the inclusion in message texts of the Norton or McAfee corporate logo and the "Attachment scanned by antivirus" footnote - to persuade the recipients that the attachments should be trusted.
Another trend is for the messages to be "email undeliverable" returns, with the "original message" included as the attachment, apparently from entirely plausible email addresses such as the email administrator address at NTL World or a large organisation.
A third trend is for the text of the message to be more sophisticated and for the origin of the email to be entirely plausible. For example, last week I received just such a message with the subject heading "Online User Violation", from support@btinternet.com, telling me that, unless I completed and returned the attached form, my email account would be suspended because of an account violation. Included in the message text was the "Attached scanned with Norton antivirus" footnote, and the attachment was a Zipped text file - supposedly a form for me to complete.
The transmission and infection mechanisms for viruses - or rather, for worms - have therefore become increasingly sophisticated, but what of the worm programs themselves? It is no surprise that the worms have become more and more powerful. The email message I described above was infected with the new "Mytob" worm, which acts as a covert backdoor onto an infected computer - to allow it to be controlled remotely - and which supports mass email services.
These worms create so-called "botnets" - networks of computers capable of being controlled by a single hacker, who can use the network themselves or hire it out: to spammers, to increase the power of their direct mailing provision, and to organised criminals, who can use the networks in support of their denial-of-service blackmail attempts.
It seems that criminal hacking is coming of age - and we should all be worried and careful to ensure that we don't become the weakest link in the chain.








