So very true:

"At this point, 90 percent of email is spam, organized crime groups commonly siphon cash from the bank accounts of individuals and businesses on other continents, search engines are regularly harnessed to lure those browsing the web into purchasing fake security products and malicious applications are being created faster than legitimate software."

From Tom Kelchner via Sunbelt's blog.

A decade ago this week, security researchers were staffing 24 hour watch centers to deal with any fallout from Y2K incompatibilities or nefarious activities by malicious opportunists. In F-Secure's blog, Mikko Hypponen, Chief Research Officer for F-Secure, reminisces about the many faces of the Y2K challenge:

"An enormous amount of work hours and money was spent to fix these problems. And this work did not go to waste. The global Y2K project was a success; when January 2000 came around, most systems were already checked and fixed, and only minor problems were reported.

Unfortunately this wasn't enough. A huge hype had been generated around the problem. Mainstream media was forecasting major failures, power outages and rioting for 1st of January. And there was no shortage of salesmen trying to cash in with the hysteria."

Mikko also dissects the post-Y2K fallout and the misinformation that resulted, including the post-Y2K media whiplash that claimed "the whole effort to find the bugs was unnecessary to begin with". It's an interesting and enlightening read: F-Secure on Y2K.

As if being unemployed weren't bad enough, job seekers continue to be targeted by scam artists and criminals. In the latest example, criminals made bogus claims of job openings at F-Secure. For details, see: "Jobs and Money Mule Scams" on the F-Secure blog.

It's that time of year when vendors push their annual security predictions. Usually these are pretty ho-hum and, well, predictable. Whatever happened last year is presumed to get worse next year. There will be more social engineering attacks, more malware, iPhone attacks will escalate...You get the point.

This year, however, Symantec Hosted Services puts a new twist on the same old holiday dish. Instead of rehashing what you can expect in the coming year, SHS looks to the future from the standpoint of the attacker, asking "if you were a cybercriminal, what would be your resolution for the New Year?" Here are the Symantec Hosted Services insights:

1. Control the strongest botnet - Botnets ruled the cyber security landscape in 2009, with the 10 major heavyweight spam-sending botnets, including Cutwail, Rustock and Mega-D, now controlling at least 5 million compromised computers. With these compromised computers issuing over 83 percent of the 107 billion spam messages distributed globally, we can expect botnets to get bigger, stronger and more intelligent in the year ahead.
2. Crack the CAPTCHA -  CAPTCHA breaking tools have allowed cybercriminals access to an unprecedented number of webmail, IM and social networking websites. With a new crop of more sophisticated CAPTCHAs on the horizon - some involving images and animation - it will be increasingly difficult for the bad guys to solve these puzzles with an automatic computer program.
3. Brush up on my pop culture - World events, news, and holidays always spark a bad guy's imagination. In 2009, spammers and malware writers jumped on the news of the H1N1 virus and the death of Michael Jackson. Expect to see more celebrity names in you junk folder next year!
4. Discover the next big social network - The popularity of social networking and micro-blogging sites have led spammers to use short URLs in their spam emails. In 2009, over 90 percent of spam contained a URL and there was an upsurge of short URLs in the 2nd half of the year. Short URLs hide the true website behind the link, yet are trusted by millions of people who use them to share photos and news online. New social technologies will lead to even more creativity on behalf of the bad guys.
5. Learn a foreign language -- Automated translation services allow cyberciminals to target their attacks in local languages. While spam over 95 percent of spam is in English, the last year has seen significant increases in spam in countries where English was not the primary language. After English, the most common languages for spam (in order) are French, Portuguese, Russian and German. Spam levels in Germany and The Netherlands increased by 13% since the beginning of the year, with spam now accounting for in excess of 95% of all emails.