According to a survey released on Monday by the SANS Institute, online criminals have turned their attention to antivirus software and media players like Apple Computer Inc.'s popular iTunes in an effort to find new ways to take control of users' computers. Malicious hackers exploit security holes to lift credit-card numbers and other sensitive personal information from a user's computer, or to send out spam and pornography, Reuters reports. Hackers continued to poke new holes in Microsoft Corp.'s popular Windows operating system, the nonprofit SANS Institute found. More than 600 new Internet security holes have surfaced in 2005 so far. Of those, 20 were deemed most dangerous because they remain unfixed on a large number of Internet-connected computers even though software makers quickly made patches
"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said SANS Chief Executive Alan Paller.
Various flaws in Internet Explorer and Microsoft Windows subsystems (such as a recent Server Message Block bug) make the top 20 list. These are joined by DNS caching flaws affecting a number of products from Symantec and Microsoft, media player bugs (RealPlayer, iTunes, Winamp and Windows Media Player) and antivirus product glitches (buffer overflow bugs in apps from Symantec, F-Secure, Trend Micro and McAfee).
In selecting the top vulnerabilities, SANS uses five criteria: The problem must affect a large number of users. It must remain unpatched on a substantial number of systems. It must allow the takeover of a computer by an unauthorized remote user. There must be enough information about the flaw available on the Internet to let attackers exploit it. And it must have been discovered or first patched during the first three months of the year.