A list - compiled by the SANS Institute in cooperation with security vendors such as TippingPoint and Qualys - underscore the 20 most critical vulnerabilities among 600 new Internet security bugs discovered in Q1 2005.
SANS uses five criteria to select the top vulnerabilities: The problem must affect a large number of users. It must remain unpatched on a substantial number of systems. It must allow the takeover of a computer by an unauthorized remote user.
There must be enough information about the flaw available on the Internet to let attackers exploit it. And it must have been discovered or first patched during the first three months of the year reports Business Week.
The findings show Microsoft Corp.'s popular Windows operating system
is still a favorite of hackers. On the upside or downside online criminals have turned their attention to antivirus software and media players such as Apple's iTunes as Microsoft makes an effort to thwart hackers with constant updates
"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller.
Malicious hackers exploit security holes to lift credit-card numbers and other sensitive personal information from a user's computer, or to send out Spam and pornography.
Vulnerable software listed by the SANS inclyde Internet Explorer, Microsoft Windows Media Player, Windows Messenger, MSN Messenger, XP SP (Service Pack) 1 and 2, Windows 2000 SP 3 and 4, Anti-virus products from Symantec, F-Secure, TrendMicro and McAfee, RealPlayer, iTunes and WinAmp Player.
The company has advised users to ensure that they have updated these software to avoid getting their PCs hacked into.
