Almost all virus and malware infections created by exploit kits are caused by the failure to update five specific software packages.
According to Danish security company CSIS, Windows machines are often infected because users forget to update the Java JRE, Adobe Reader/Acrobat and Adobe Flash.
During a three-month study, CSIS monitored 50 exploit kits on 44 unique servers/IP addresses. It found that in more than half a million user exposures, 31 per cent were infected with malware due to software not being updated with security patches.
It found the most vulnerable program to be Java JRE, with 37 per cent of users not updating it, followed by Adobe Reader and Acrobat (32 per cent) and Adobe Flash Player (16 per cent). These were followed by unpatched flaws in Internet Explorer (ten per cent), Windows HCP (three per cent) and Apple QuickTime Player (two per cent).
In terms of web browsers, Internet Explorer was the most infected, with 66 per cent of users vulnerable, followed by Firefox (21 per cent), Google Chrome (eight per cent), Safari (three per cent) and Opera (two per cent).
Of the infected Windows systems, 41 per cent of users were running XP, 38 per cent Vista and 16 per cent Windows 7. Five per cent used Windows 2003, and one per cent Windows 2000.
Peter Kruse, partner and security specialist at CSIS, told SC Magazine that he expected Java JRE to be in the top five, but with Adobe Reader/Acrobat in first place.