Windows applications continue to be key targets for hackers, according to the latest Top 20 list of Internet security vulnerabilities from The SANS Institute.
The number one spot on the information security training and certification group's list belongs to Microsoft's Internet Explorer. However, the report also highlighted zero-day vulnerabilities and attacks that go beyond Internet Explorer as the number one trend in its 2006 update.
The zero-day exploits are a key trend in the modern threat landscape and it's one that is becoming increasingly difficult to spot.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i "We came from a world of disruptive behavior with Web site defacements, worms and activities that were easy to see," Marc Sachs, director of the SANS Internet Storm Center, said on a conference call discussing the top 20 report. "In the last few years the trend has gone toward value orientation attacks, largely criminal. They don't want to be disruptive and they don't want to be noticed."
The way not to get noticed is by using attacks that haven't been discovered yet, and for which there is no means of defense, which, by definition, is a zero-day attack.
"While we've known about the phenomenon for years, here in 2006 we're seeing it actively used on the internet and the amount of activity will continue to increase," Sachs said.
According to the report, vulnerabilities in the Microsoft Office suite tripled compared to 2005. The report cited some 45 critical vulnerabilities found in MS Office products, nine of which were flagged as being zero-day exploits.