Online attackers are increasingly use zero-day flaws and targeting a wider array of applications, according to the annual Top 20 Security Attack Targets report from the Sans Institute. 

Zero-day exploits target undisclosed or recently discovered vulnerabilities which have yet to be patched.

The attacks are often not detected by security software, and can be much more effective in compromising systems and installing malware.

Although Microsoft's Internet Explorer is still a favourite target, attackers are increasingly switching to other applications.

The Sans Institute reported a threefold increase in the number of attacks targeting Microsoft Office in 2006.

The organisation spotted 45 vulnerabilities in Office classified as either 'serious' or 'critical', nine of which were also reported as active zero-day exploits.

Excel and PowerPoint experienced sharp increases in the number of reported vulnerabilities.

Sans attributed this in part to the prevalence of Office and the fact that the suite does not have as much security protection as programs such as web browsers.

The report also pointed to a rise in attacks against two emerging technologies: VoIP and web-based applications.