Of 900 organizations surveyed, 36.8% said they were victimized by one or more browser-based attack, up from 25% last year.
A browser-based attack is essentially malicious code contained within a Web page that appears harmless. The attacker uses the browser and user systems permissions to sabotage or disrupt computer functions.
In February, a Frame Exploit was discovered that grabs keystrokes. Microsoft last patched Internet Explorer in February against the URL spoofing exploit.
Ken Dunham, director of malicious code at iDefense, was not surprised by CompTIA's finding; his firm has also noted a dramatic increase in malicious code delivered via Web browsers.
"This should not be a surprise to anyone in the computer security world, but may surprise some home users," Dunham said. "With the number of successful exploits against various IE vulnerabilities in recent months it's a huge problem."
See the complete story on internetnews.com.