More than ever, software from Apple Computer is being targeted, Dhamankar said. "Its part of the shift to application (attacks). You've got zero-day (vulnerabilities) reported in Mac OSX and (Apple's) Safari browser. People can browse Web sites with a Mac and get infected," he said.

Mac OS X machines are still far safer from Internet based attacks than Microsoft Windows, but it's not bullet-proof, contrary to the beliefs of some of Apple's staunch supporters, Dhamankar said.

Often, flaws in file format handling open the door to application hacks, as with the recent Windows Metafile (WMF) and Windows Address Book holes, Dhamankar said.

Media file formats for Apple QuickTime, Windows Media Player, and products from RealNetworks and Macromedia are also popular specimens for online criminals and malicious hackers, SANS said.

The volume of new holes is daunting. More than 100 such vulnerabilities, including cross site scripting and SQL injection flaws, might be discovered in a single week. The time between their discovery and their use in attacks is also diminishing, he said.