Overall, Microsoft is the vendor that tops the list in percentage of vulnerabilities disclosed, the report said. The Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years, the report said. There were no breakdowns by vendor or operating system for unpatched vulnerabilities.
Most of the spam last year appeared to come from Russia (12 percent), followed by the U.S. (9.6 percent), and Turkey (7.8 percent), although the spam senders could be located in a different location, the report says.
China unseated the U.S. as the country hosting the largest number of malicious Web sites for the first time last year.
Meanwhile, 46 percent of all malware attacks last year were Trojans targeting people playing online games and doing online banking, and 90 percent of phishing attacks targeted financial institutions, according to the report.
Two main trends attackers used last year were SQL injection attacks, in which a small malicious script is inserted into a database that feeds information to the Web site, and malicious URLs hosting exploits.
Updated 2:25 p.m. PST to add that report does not list which vendors and operating system platforms had the most unpatched vulnerabilities.
Originally posted as "IBM report: Vulnerabilities still going unpatched" by Elinor Mills on CNET News.com.