The most exploited vulnerabilities tend to be in Adobe Reader and Internet Explorer, but a rising target for exploits is Java, according to a report to be released on Wednesday by M86 Security Labs.
Of the 15 most exploited vulnerabilities observed by M86 Security Labs during the first half of this year, four involved Adobe Reader and five involved Internet Explorer, the lab wrote in its latest security report for January through June 2010.
Also on the Top 15 list were vulnerabilities affecting Microsoft Access Snapshot Viewer, Real Player, Microsoft DirectShow, SSreader, and AOL SuperBuddy. Most of the exploits observed had been first reported more than a year earlier and were addressed by vendors, "highlighting the need to keep software updated with the latest versions and patches," the report said.
"Java is the next low-hanging fruit for attackers," says Marc Maiffret, chief technology officer at eEye Digital Security.
The report also provided details about spam, which it estimates now represents 88 percent of all inbound e-mail to organizations. Most of that spam (nearly 81 percent) is in the pharmaceuticals category, primarily the "Canadian Pharmacy" brand.
The spam information corresponds for the most part with findings of a study released on Tuesday by Proofpoint and CommTouch, which reports that there were an average of 179 billion spam or phishing e-mails sent each day during the second quarter of 2010 and that pharmacy ads were the leading spam topic.
Meanwhile, the top fake "from" domains used for spam were gmail.com, hipenhot.nl, yahoo.com, 123greetings.com, hotmail.com, and postmaster.twitter.com, according to the Proofpoint/CommTouch report.