Programs looking for vulnerabilities are reported to be scanning the net

Security firm Qualys has begun producing a real-time index of the vulnerabilities that are the current favourites of the net's community of malicious hackers.

The index is created by scanning some of the thousands of networks that make up the internet and logging which vulnerabilities are getting attention.

The index comes as the net braces itself for a possible attack based around a recently discovered vulnerability in Microsoft's Windows.

Security list

Many of the biggest security problems that the net has faced over the past few years have been based around computer vandals exploiting vulnerabilities in computer software to take over machines or use them as proxies for other types of attacks or as launch pads for web worms.

Lists of the latest vulnerabilities and what to do about them are maintained by organisations such as Incidents.org, the Computer Emergency Response Team (Cert) and Bugtraq among others.

Security firm Qualys is now producing a real-time list that reveals the top 10 vulnerabilities currently being exploited by computer vandals and criminals.

The hit list of vulnerabilities is produced by taking information from the many networks that Qualys' customers operate and seeing which software bugs are receiving attention.

Currently top of the list is the Microsoft DCOM vulnerability that many security experts fear could soon be used to help launch a disruptive web worm attack.

This bug was found at the end of July and affects the way that Windows shares files across networks. The US Department of Homeland Security has issued a warning about the bug.

Programs that look for the vulnerability are reported to be scanning the net for computers that have not been patched and could be attacked and taken over.