A report released by the SANS Institute Wednesday showed a sharp increase in attacks on all three fronts this year, along with a surge in zero-day attacks and security threats associated with the use of voice over IP.

The trends were highlighted in SANS's annual update to its list of top 20 Internet security vulnerabilities, which reflects the consensus opinions of more than three dozen security researchers and agencies, including the U.S. CERT and the Department of Homeland Security.

The attack trends suggest a continued shift away from the "noisy," attention-grabbing virus and worm attacks of the past to more covert attacks via Trojans and other malware, Alan Paller, director of research at SANS, said this morning at a news conference where the list was announced.

"There has been a large downturn in the number of alerts we have been pushing out" related to traditional bugs, said Roger Cumming, director of the National Infrastructure Security Coordination Center in the U.K. At the same time, there has been a "marked increase" in the amount of Trojan horse attacks typically delivered via e-mail with malicious attachments, he said. Hackers increasingly are "moving towards developing exploit code with a specific purpose," he noted.

Often, those responsible for developing and delivering such malicious code are different from the "attack sponsors" behind the attacks, Cumming said. "The crime bosses do not themselves have the skills, so they canvass and pay large amounts of money to hackers" willing to develop malware, he explained.