Hackers are increasingly using attacks that exploit browsers rather than trying to batter through firewalls and other network protection devices, according to security firm Symantec.

Nearly half of the vulnerabilities reported by Symantec in its six-monthly Internet Security Threat Report covering July to December 2004 centre on web applications, and the numbers are rising quickly. Last year such threats accounted for barely a third of all vulnerabilities.

"These web attacks are the wave of the future," said Olaf Linder, director of Symantec's security services.

"They allow hackers to go straight through the browser, which is where most people input their data anyway. All the firewall protection for servers will not stop the individual losing their machine."

Information is till the key target for hackers. Over half of the top 50 malicious codes detected last year were designed to capture personal information, and a third of those on the list were Trojans that would allow remote access to an infected PC.

Malicious code is also moving onto mobile devices with increasing speed. The report recorded 21 separate viruses for mobile devices in the last six months of 2004 and warned that they are becoming increasingly efficient.

The report also highlighted a potentially devastating problem for music companies, in that hackers are working on methods of embedding malware in music files.