As 2009 comes to a close, we look back on the bugs of our days. The past few months have seen some interesting attacks. This talk takes a look at some of the most effective attack vectors of 2009. These, coupled with classic web hacking, social engineering and a bit of cleverness, increase the attack surface manifold. This year, my work goes beyond just browsers and looks at examples of mass ownage, new infection vectors, advanced client-side exploitation, malicious payloads, browser infection with toolbars and more.