This reason, along with the data security issues that can be introduced when Google Desktop isn't configured to bar users from inadvertently sharing search information with outsiders, poses serious questions for corporate IT administrators who must decide whether to allow people to use it in the office, according to the analyst.

"The major concern is that while Google isn't an enterprise software vendor, programs it makes, including Google Desktop, are ending up on a lot of enterprise desktops," Pescatore said. "Google doesn't expose how it does patches like Microsoft, so how does an enterprise even know if their users are working with the version that has been fixed?"

As malware writers and phishing scheme operators continue to hone their attacks to steal smaller amounts of valuable data from pools of targeted users, and move further away from the massive worm viruses of years past, the IT world will see more XSS threats.

"There will be more funded cyber-crime attacks aimed at specific companies and groups of users, and the size of the threats is such, by design, that they won't land on the six o'clock news," Pescatore said. "The perpetrators will continue to increase the volume of these types of threats, and cross-site scripting and targeted phishing will likely be among their favorite formats for doing so."