Cisco says social network, banking scams on rise

Written by John P Mello Jr on December 10, 2009
In 2010, spam volume is expected to rise 30 to 40 percent worldwide over 2009 levels.

Money and large sucker pools attracted increased attention from Black Hats this year and will continue to do so in the next, according to Cisco Systems’ 2009 Annual Security Report, released this week by the company.

When the infamous bandit Willie Sutton was asked why he robbed banks, he told his interviewer, “Because that’s where the money is.” The same seems to be true of Internet highwaymen.

         “Online criminals show every sign of continuing their campaign to steal lucrative financial login information–and they’re growing ever smarter and more sophisticated with their tactics,” the Cisco report noted. “The Zeus and Clampi botnets, which steal online account credentials with a focus on bank accounts, have gained in size and strength in recent months, and no doubt will continue to do so throughout 2010.”

The report also identified a new wrinkle in the malware genre that will make many consumers think twice before heeding those pleas from their banks to ditch paper statements.

          “A newer entry on the banking Trojan scene is URLZone, which exhibits new methods to shield itself from detection by computer users,” the report explained.

          “When the criminal using the Trojan makes a transfer from a victim’s bank account,” it continued, “the Trojan can alter the online bank statement to disguise the fact that an illegal transfer has occurred. Victims who check their bank accounts online only, instead of reading paper statements, would not realize their money had been stolen.”

In addition to money, nothing attracts cyber criminals like large pools of vulnerable Websters. And they’re finding them on social networks.

          “The high levels of trust that users place in social networks–that is, users’ willingness to respond to information appearing within these networks–has provided ample opportunity for new and more effective scams,” the report said. “Instead of searching out vulnerabilities to exploit, criminals merely need a good lure to hook new victims.”

          “For example,” the report continued, “an individual who is masquerading as a trusted social networking colleague could convince a user to visit a malware-laden website or pay for fake anti-virus software or spurious weight-loss remedies. Simply put, social media has been a tremendous benefit for the creators of online scams.”

The problems social networks created for businesses this year will grow next year as the networks themselves expand, according to the report.

         “Throughout 2009, the explosive growth of social media has been fueled by business’ embrace of these tools–in other words, social networking’s popularity has extended far beyond young people, who were the early adopters,” Cisco reported. “This exponential growth is expected to continue into 2010, as more organizations realize that having a presence on social networks is a need-to-have, not a nice-to-have.”

         “A few years ago,” the report continued, “businesses enthusiastically adopted Second Life and other virtual communities for social networking, but this trend fizzled out. The new generation of social media offerings promises much more staying power in the business community.”

The report flagged a particular problem with some social networks: their limitation on the number of characters their members can use in a message. That encourages the use of “short URLs” to save space. Those URLs create security problems because they hide their destination from surfers.

          “Organizations that are raising their profile on social networks and want to encourage web users to follow shortened links are advised to generate their own short URLs and host them on their own domains,” the report recommended.

          “Computer users can also protect themselves against malicious links by installing widely available add-ons for their web browsers,” it added. “[T]hese add-ons will display the full URL that is masked by the shortened URL.”

Add-ons cited by the report include Long URL Mobile Expander for Firefox, among many others. In addition, some services like TinyURL.com offer their own full URL preview features.

The report also predicted that spam volumes in 2010 would increase by 30 to 40 percent over 2009. Some 90 percent of that spam will be “easy spam.”

         “This is the untargeted spam that floods inboxes with messages that appear to originate from various banks, pharmacies, educational institutions, and service providers,” the report explained. “Scammers hope to convince the unwary to click through to a malware-laden site or a scam site for pharmaceuticals.”

The remainder of the spam load is “hard spam.” That cyber junk is aimed at more specific targets, such as corporate domains or individual corporate executives.


One Response to “Cisco says social network, banking scams on rise”

  1. Pat Says:

    In these days of easy money and instant LLCs, Willie Sutton crimes are alive and well. Need anyone look beyond the bailouts for confirmation?

    Just because organizations are now made of many Willie Suttons doesn’t mean they aren’t crimes. The Willie Suttons simply got smart and decided to do it with the convenience of corporate insularity and disclaimed liability. How convenient that states are willing to accommodate them – even after Enron and Worldcom.
