Security experts at SANS unleashed their Top 20 list today covering the top 20 cyber threats for 2005. Traditionally, attacks targeted operating systems like Windows and Unix or services like web servers and mail systems. This year, attacks went after application programs.
"We are seeing a trend to exploit not only Windows, but other vendor programs installed on large numbers of systems," says Rohit Dhamankar, lead security architect at 3Com's TippingPoint division.
Foreign governments are the primary threat to the U.K.'s critical national infrastructure because of their hunger for information, a British government agency said.
The National Infrastructure Security Co-ordination Centre said on Tuesday that the most significant electronic threats are content-based, targeted, Trojan horse e-mail attacks from the Far East.
"Foreign states are probing the CNI for information," said Roger Cummings, the director of NISCC, speaking at SANS Institute's launch of its Top 20 Critical Internet Vulnerability Listing in London.
Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.
The zero-day exploit, posted by a U.K.-based group called "Computer Terrorism," could allow a remote hacker to take complete control of a Windows system if the victim simply browses to a malicious Web site.
ONLINE criminals shifted their attacks from operating systems to media players and other software in 2005, a new study has found.
Among the software programs that attackers are now targeting are anti-virus software as well as programs used to listen to online audio and video programing, the non-profit SANS Institute reported.
Attackers are changing their targets after internet service providers and operating systems designers such as Microsoft started fixing their systems following a barrage of worms, viruses and other online threats in recent years.