As we move into the holiday season, it’s our practice to take a look at security threats over the last year and give some thought to the year to come. I had the privilege of hosting a webcast roundtable today with panelists Dr. Zulfikar Ramzan of Symantec’s Security Technology and Response team and Paul Wood from MessageLabs’ Intelligence. You’ve often heard Zulfikar quoted in stories about emerging new threats such as the latest viruses, malware and online fraud and Paul authors our monthly MessageLabs reports in addition to providing security intelligence to the public.

Among 2009’s most pervasive internet security trends:

• Drive-by-downloads - where victims innocently become infected just by visiting websites that have been compromised by hackers.
• Rogue Security software - we just issued a report on the growth of this problem, citing more than 250 variants of fake antivirus scamware.
• Social networks become a popular attack environment where millions of victims visit multiple times a day and demonstrate greater trust in the content they receive from trusted “friends”.
• Current events provide fuel to cybercriminals seeking to bombard us with spam and poison search results for topics in the headlines: Michael Jackson and other celebrity deaths, holidays such as Valentine’s Day, sports events such as NCAA’s “March Madness”.
• Conficker’s strength and ability to spread despite widely available protection from vendors such as Symantec was noteworthy.
• Data breaches and employee’s willingness to steal data continues to be a corporate security issue.

Looking to the future, expect to see more variations on these themes as well as stepped up attacks on new operating systems, mobile and industry-specific operating environments such as bank ATMs and voting systems. Botnets haven’t gone away though distribution methods continue to evolve.

The best advice for consumers hasn’t changed! Maintain top notch security software on all your computers, be savvy about sites you visit and urls you click. Better to avoid links in email, IM, social networks and microblogging until you verify with the sender their authenticity. A moment’s hesitation can save you!

You can find a link to the webcast here at the Security Response blog page but it won’t be posted until tomorrow.