"The majority of the attacks carried out by 2008's top 100
pieces of malware were caused by users surfing to malicious sites
and then accepting some kind of download, Trend Micro Inc.
researchers said today.
"From Jan. 1 to Nov. 25, the top 100 attack programs infected
53% of their victims by duping them into downloading something from
the Internet. An additional 12% of the infections tracked globally
were caused by users opening e-mail attachments.
"Just 5% of the infections were related to an exploit of a
software vulnerability, according to Trend Micro's analysis."