AppRiver, LLC, a leading provider of e-mail messaging and Web security solutions, today released its year-end spam and virus report, State of Security 2009, along with its forward-looking Threat and Spamscape Forecast for 2010. The reports highlight spam and security trends from 2009, as well as key predictions for 2010.

AppRiver Senior Security Analyst Fred Touchette observes that 2009 was an active year for cybercrime, spam and both software and Web vulnerabilities. Highlights include:

Phishing remained a consistent threat with several campaigns targeting social networking sites and mimicking major banks, as well as the Internal Revenue Service, to dupe consumers at tax time;

Spammers exploited major current events such as the H1N1 flu outbreak and Michael Jackson's death;

Data breaches rocked Heartland and Countrywide;

Botnets like Conficker and Waledac made frequent headlines.

"2009 brought the return of Conficker, which turned out to be the biggest un-used botnet of the year," says Touchette. "It resurged quickly and spread fast, but its threat level paled in comparison to the lesser-discussed ZeuS Trojan, often from the Pushdo bot, which goes right for victims' banking credentials. The profit potential is huge for cybercriminals as Do-it-Yourself ZeuS Trojan kits are widely available on the black market for as little at $400."

AppRiver reports that e-mail-borne virus activity peaked in October 2009. During that month, AppRiver's spam filters quarantined an average seven million virus messages per day. Europe remained top region for spam origin in 2009, though Brazil topped the list of spam-producing countries with nine billion spam messages in 2009. Also noteworthy was the rise in spam output from Korea, which doubled in 2009 over 2008.

In 2010, Touchette believes mobile, cloud and zero-day attacks will continue to increase. Highlights from AppRiver's 2010 threat forecast include:

Personal data is very lucrative in the underground economy, and just as it was in 2009, it will continue to be a target for cybercriminals in 2010. Expect to see more custom malware designed for very specific purposes such as intercepting credit card purchase transactions and cardholder information.

The cloud will continue to be a target. Malware authors have already begun to host malicious code on major cloud based servers (e.g. Amazon's EC2). Expect to see more of this as well as attacks against the cloud itself, namely Google Wave this year.

Although still a niche market, anti-virus products for smart phones often offer full data back-up in case of loss or damage as a part of their service. This info is stored on the cloud. These companies may see targeted attacks against stored personal information.

The full State of Security 2009 report can be found at http://www.appriver.com/downloads/spam-reports/2009/AppRiver_SpamReport_2009-State-of-Security.pdf.

The full Threat and Spamscape Forecast for 2010 report can be found at http://www.appriver.com/downloads/spam-reports/2010/AppRiver_SpamReport_2010-Threat-and-Spamscape-Forecast.pdf.