Posted on behalf of Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services A few weeks ago, when Symantec announced our 2010 Predictions, I stated in my accompanying blog post that what we’ve seen this year was ugly (highlight with link to post). As I’ve worked with my team to draft the MessageLabs Intelligence Annual Security Report, I now realize that was an understatement. What we’ve seen this year is in fact horrendous. But nevertheless, it keeps us on our toes as we scan billions of messages and web connections each week. While we’re always prepared for the worst, we can only anticipate what that may be. Looking back on it all in aggregation, is always a stern reminder that the bad guys are capable of more than we often give them credit for. In 2009, we stopped more than 21 million different types of spam campaigns in 2009, more than twice the amount seen in 2008, and saw a 23 percent increase in malware variants year-on-year. Such massive increases suggest that the increased availability of specialized criminal toolkits have made it easier to create, distribute and use spam and malware than ever before. And now for the Security Year in Review: Top Trends in 2009 Web Security: For 2009, the average number of new malicious websites blocked each day rose to 2,465 compared to 2,290 for 2008, an increase of 7.6 percent. MessageLabs Intelligence blocked malicious web threats on 30,000 distinct domains. 80 percent of those domains were established legitimate, compromised websites, the remaining 20 percent were new domains set up purely with malicious intent. Spam: In 2009 the annual average spam rate was 87.7 percent, an increase of 6.5 percent on the 2008 statistic of 81.2 percent. April saw a spike in image spam, accounting for 56.4 percent of all spam on 5 April, compared with annual average of 28.2 percent. Viruses: The average virus level for 2009 was 1 in 286.4 emails (0.35 percent) reflecting a 0.35 percent decrease on 2008 where levels averaged at 1 in 143.8 emails (0.70 percent). The decline can be attributed to the transition to developing more variants (23 percent increase in 2009 compared with 2008) but fewer malicious emails per strain (approximately 5,827 malicious emails per strain in 2009 compared to 10,436 emails per strain in 2008). Phishing: The number of phishing attacks was 1 in 325.2 (0.31 percent) emails compared to 1 in 244.9 (0.41) in 2008. More than 161 billion phishing attacks were in circulation in 2009. To download the MessageLabs Intelligence Annual Report in its entirety, please visit: http://www.messagelabs.com/resources/mlireports Follow us on Twitter: @MessageLabs