Businesses are under attack, says MS security head

One such tool available now automatically reverse-engineers patches, creates an exploit and launches attacks, he said, allowing any non-tech savvy user to become a potential cyber criminal.

"These tools are so good I'm afraid we'll see more zero-day attacks," Aucsmith said.

For users, already tormented by a string of high-profile viruses threatening to compromise their systems, this could be chilling news.

According to a survey released Tuesday by the U.K.'s National Hi-Tech Crime Unit, U.K. businesses are estimated to have lost billions of pounds last year due to computer crimes, and they are not alone. Businesses worldwide are grappling with increasingly sophisticated cyber threats.

While law enforcement officials are encouraging users to report cyber crime and do what they can to shore up their systems, vendors say that they are doing their parts to make their products more secure.

Besides encouraging users to upgrade to more secure versions of its software, Microsoft is working on improving its patching procedures, Aucsmith said.

The company already switched from a weekly to a monthly patch release cycle to reduce user work, but is also working on delivering a regular Microsoft Update that includes fixes to all its software instead of the current Windows Update patch.

Additionally, Microsoft plans to make all of its patches reversible, in case users want to unapply them, and patches that can be applied without having to reboot systems, he said.

The company is trying to move away from patching as a tactical defense, Aucsmith said, and Microsoft Chairman Bill Gates is expected to make an announcement at the RSA Conference in San Francisco this week that will move users in this direction.

Although Aucsmith declined to give details of the announcement he said that it would entail a more targeted use of antivirus and firewall products.

The e-Crime Congress runs through Wednesday.