Online criminals shifted their attacks in 2005 from computer operating systems such as Windows and others to media players and software programs, according to a study released Tuesday.
Among the software programs that attackers are now targeting are anti-virus software as well as programs used to listen to online audio and video programming, according to the SANS Institute, a nonprofit research group based in Bethesda, Md.
Attackers are changing their targets after Internet service providers and operating systems designers such as Microsoft started shoring up their systems following a barrage of worms, viruses and other online threats in recent years. (MSNBC is a Microsoft - NBC joint venture.)
The group's "SANS Top20" report identifies the 20 most targeted software flaws that criminals use to infiltrate computers.
Top Windows vulnerabilities include Microsoft Corp.'s Internet Explorer Web browser and Windows Office and Outlook Express. The report also listed Apple Computer Inc.'s Macintosh operating system as a top vulnerability among Unix operating systems.
Apple's OS X operating system is based on Unix, a heavy-duty operating system used principally in corporate data centers and high-powered computers.
Network devices such as routers and switches that direct Internet traffic also are being targeted, SANS said. Cisco Systems Inc. made the list with its "IOS" router product line.
"Network devices often have on-board operating systems and can be programmed like computers," the group said in a statement. "Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks."
SANS released the study in cooperation with the U.S. Department of Homeland Security's Computer Emergency Response Team, the UK's National Infrastructure Security Co-Ordination Centre and Canada's Cyber Incident Response Centre.
