A booming cyber crime market is driving the growth in zero-day attacks, which are used against Web browsers and enterprise applications by Oracle, Symantec, and others to access sensitive data, SANS said.

After warning in November that hackers were turning their attention to security holes in applications, SANS again found that application attacks are on the rise, said Rohit Dhamankar, project manager for the SANS Top 20 and a lead security architect at TippingPoint, a division of 3Com.

In the last six months, malicious hackers have shifted from looking for holes in Windows Services, like the Local Security Authority Subsystem Service (LSASS) hole that gave birth to the Sasser worm. That decline was offset by an increase in holes in client side software such as Web browsers, e-mail clients, productivity tools and media players, he said.

"We haven't had vulnerabilities that lead to worms like Zotob or Sasser, but we have seen a large number of vulnerabilities in IE and other programs," Dhamankar said.