The BBC notes that virus writers layed off the whole “build a virus to destroy the world” bit this year, and instead produced targeted “product” that would make them some money.
I believe we are looking at market forces on the move. First, malicious code writers [cheaply] test widely distributed vulnerabilities, and take notes while everyone scrambles to fix the problem. They go back to the drawing board while spammers and phishers (usually less technologically adept than a hardcore virus writer) pick up the slack. Next they do small tests of vulnerabilities, to see if they can make some dough from it. They take notes while people scramble to fix more obscure issues.
Their New Year’s resolution? Create widely distributed, money making opportunities based on all those notes.