Cyber criminals are assembling the biggest botnet for over two years – already close to a million PCs – online security experts have told vnunet.com.

No one knows yet exactly what nefarious activity the army of captive PCs will be used for. But the chances are it will be a massive onslaught of phishing aimed at defrauding web consumers in the run up to Christmas.

Botnets are distributed networks of zombie computers, usually broadband-connected home PCs, recruited into criminal service, unbeknown to their owners, by infection with a Trojan virus.

Once assembled, a botnet is hired out, for example, to launch a phishing attack of email messages to online banking customers intended to dupe them into revealing their security details.

Botnets have also been used to launch distributed denial of service (DDOS) attacks where a criminal bombards an online company's systems with communications preventing them from conducting business. The criminals then extort money from the company to stop the attack.

The last time a botnet of nearly a million PCs was assembled was to launch the Netsky virus attacks in July and August 2004.

Since then, botnets have been shrinking steadily to a maximum of around 20,000 PCs. This reduction is not due to better online security, but because the cyber criminals have learned that such large-scale attacks draw too much attention.

"Fraud through spam and phishing is still very lucrative for cyber criminals, " Mark Sunner, chief technical officer at security firm MessageLabs told vnunet.

"We expect to see an increase in activity before Christmas when consumers are in a buying mood and more likely to be targets."

Sunner says the super-size botnet is spread among computers across the globe. MessageLabs experts have watched it being assembled over the last few weeks, but don't know who is behind it.

MessageLabs' internet report for September shows that one in 89 messages intercepted by its email filters is malware, and more than half this is a phishing attack. In August, phishing attacks were 30 per cent of malware, and in July 20 per cent.

October's report, due shortly, is expected to show another sharp rise.