Attackers switching to applications, media players

Online criminals are shifting their attacks from operating systems to media players and software programs.

Online criminals shifted their attacks in 2005 from operating systems such as Windows to media players and software programs, according to a study released Tuesday.

Among the software programs under attack are antivirus software, according to the SANS Institute, a nonprofit research group based in Bethesda, Md.

Attackers are changing their targets after Internet service providers and operating systems designers such as Microsoft started shoring up their systems following a barrage of worms, viruses and other online threats in recent years.

The group's report identifies the 20 most targeted software flaws that criminals use to infiltrate computers.

Top Windows vulnerabilities include Microsoft's Internet Explorer Web browser, Windows Office and Outlook Express. The report also listed Apple Computer's Macintosh operating system as a top vulnerability among Unix operating systems.

Apple's OS X operating system is based on Unix, a heavy-duty operating system used principally in corporate data centers and high-powered computers.

Network devices such as routers and switches that direct Internet traffic also are being targeted, SANS said. Cisco Systems made the list with its "IOS" router product line.

"Network devices often have on-board operating systems and can be programmed like computers," the group said in a statement. "Compromises of network devices can provide attackers one of the most fruitful platforms for eavesdropping and launching targeted attacks."

SANS released the study in cooperation with the U.S. Department of Homeland Security's Computer Emergency Response Team, the U.K.'s National Infrastructure Security Coordination Center and Canada's Cyber Incident Response Center.