Black hats increasingly target apps

A major shift in Internet attacks is under way. "For 5 years, the majority of attacks targeted operating systems like Unix and Windows, and Internet services like Web servers and mail systems," notes a new study from SANS, a computer security education and information security training firm.

As of 2005, however, the latest vulnerability research finds attackers favoring application attacks over OS attacks. At special risk are backup, recovery, antivirus and a variety of other security tools—the very tools companies "think are keeping them safe from attacks and from loss of data," SANS says. Yet, "many of those systems have been shown to have critical vulnerabilities."

Substantial research backs up SANS' assertions. For example, Rohit Dhamankar, the lead security architect of 3Com's TippingPoint division, notes that "we are seeing a trend to exploit not only Windows but other vendors' programs installed on large numbers of systems." The trend includes attacks directed at "backup software, antivirus software, database software and even media players."

Indeed, attackers often target the vulnerabilities that most easily allow them to subvert a PC, and "we are finding significant numbers of vulnerabilities in popular applications," says Gerhard Eschelbeck, CTO of Qualys, which conducts "weekly vulnerability scans, covering millions of computer systems in more than 20 countries."