In another daunting development, roughly 50 percent of the browser attacks observed by ISS' X-Force research team during 2006 used encryption to hide themselves and the data they attempted to steal, with the group expecting use of such tactics only to grow during 2007.

"Attackers have honed into Web browser vulnerabilities because the amount of protection people have to defend against these types of threats is not as advanced for many end users," said Gunter Ollmann, director of security strategy at IBM ISS. "In addition to the underground communities where exploits are being bought and sold, it's also become much easier for attackers to build engines that sit on Web servers and generate personalized browser attacks."

Ollmann said that such threat engines are being armed with increasingly sophisticated levels of programming logic, giving them the capability to look at the specific version of a browser someone is using and launch attacks specifically aimed at the programs. Malware code writers are also sharing libraries of IP addresses known to be used by security researchers to help avoid detection of their latest work, Ollmann said.

Another breed of emerging attack attempts to insert itself between end-users' keyboards and browsing programs to steal data and circumvent the security tools being added to the programs.

The so-called "man-in-the-browser" threats have already been found lurking in high-value online transactional systems operated by financial services companies, where they seek to intercept valuable information as it entered by customers, said Dr. Chenxi Wang, analyst with Forrester Research.