A recent study conducted by a non-profit organization, SANS, found that hackers are more or less turning away from operating system flaws and instead using applications to penetrate open systems.

SANS found that hackers are now targeting media players, messengers and browsers (Internet Explorer) to get into a system to generate illicit traffic requests and confidential information.

Microsoft software is still the number one target even in third party applications, but Apple’s iTunes, RealNetworks’s RealPlayer and Nullsoft’s Winamp is also on the list.

SANS said the reason for such a change in hacking methodologies is that more users are allowing auto-update functionality to update their systems whenever a patch is made available. It takes time, however, for people to update third party applications such as media players, since many of them don’t offer auto-update features.

"Operating systems have gotten better at finding and fixing things and auto-updating, so it's less fertile territory for the hackers," said Allan Paller, Chief Executive, SANS. Thus far, the organization has found more than 600 holes in various popular applications. Out of the 600, 20 are highly critical and aren’t patched on majority of the systems. This is not ignorance on the software company’s part, implied SANS, but users just fail to update their systems when it comes to other, non-integrated applications.

Server software from Oracle and Computer Associates is also on the target, but perhaps the saddest inclusion is that of anti-virus software. SANS found that that anti-virus software from Symantec, F-Secure, TrendMicro, and McAfee are also vulnerable to attacks.

Paller is disappointed by the statistics and said security firms should set a secure model of software implementation for others instead of falling prey to hack attempts.