Zscaler positioned as a leader in the Magic Quadrant for Secure Web Gateway

The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Vendors in the Magic Quadrant are evaluated based on ability to execute and completeness of vision.

All of us at Zscaler are immensely proud of achieving the most visionary position in the "Leader's" quadrant of the latest Gartner Magic Quadrant for Secure Web Gateway products and services. This recognition of not only our unique technology and cloud architecture, but also of our ability to bring our service to a global market validates all our efforts and shows that we're a serious contender in the security market.

The full report can be downloaded from our web site at http://www.zscaler.com/magic_quadrant_2011.html.

Zscaler Research: Is 360.CN Evil?

360.cn was developed by Qihoo, a Beijing-based community search company. There has been some controversy surrounding Qihoo and its 360 security suite, such as it reporting other anti-virus software and search tools as being malicious (reference) and doing QQ (IM/chat) session hijacking (reference). Within the past year of Qihoo going public, there have been further controversies - including reports of the company spying, hacking, and leaking data (reference). And then there are the rumors that the 360 software includes spyware - and that they may have affiliations with PRC Gov't to track, monitor, and police users' online activity (reference).

As Mike points out, this is a tough and controversial question. An interesting read, and likely to provoke a lively discussion!

Zscaler Research: Cashing on ‘ScamBook’

Last week, Umesh blogged extensively about the Facebook Scams. The previous scams have demonstrated that Facebook is struggling to contain these attacks. While some attacks seek to spread malicious code, many that we see are attempts to profit from shady advertising.

Facebook really has jumped up as the method of choice for spreading malware and scams. Think before you click - and if you're dealing with a user community that can't tell the difference between real and fake then consider a solid browser security solution.

Zscaler Research: The most common obfuscation techniques in Fake AV pages

We have shown some of the heavy JavaScript obfuscation techniques used by Fake AV pages, but the vast majority of such pages use lighter, yet effective techniques. Those techniques are aimed at bypassing detection devices (IDS, antivirus, etc.), rather than hiding the source code. The creators focus on making life difficult for those tasked with writing signatures to detect the malicious content.

The post shows some samples of the most common techniques malware distributors use to try to sneak past anti-virus scanners and intrusion prevention systems.

UK student hacker sentenced over gaming Trojan • The Register

A UK university student has avoided jail over a malware-based scam that allowed him to break into the personal computers and webmail accounts of an estimated 100 victims.

Paul McLouglin, 22, a Salford University student from Liverpool, tricked victims into downloading password-stealing software, called Istealer, which he had disguised as a code-generation key for online games. McLouglin pleaded guilty on 11 April, prior to a sentencing hearing at London's Southwark Crown Court on Monday where he received an eight-month sentence – suspended for 12 months.

Nice work by the UK Police Central eCrime Unit (and a tip of the hat to the team at McAfee for their assist) - getting a conviction for this is difficult, and only comes about after a lot of tireless work.

Bi-directional content inspection is a useful security tool against these types of threats: if a system is compromised you are at least able to stop the data leak and identify the system.

Zscaler Research: Increase in use of PDFs for spam

In recent weeks, I have noticed an increase in the use of PDF files for spam. Instead of uploading an HTML page using a compromised account, as shown in a previous post "Hundreds of College and Government websites still redirecting to fake stores", spammers are instead uploading PDF files. My guess for their motivation is that PDF files are less likely to be checked for spam than plain HTML pages.

Good analysis on a new blended threat delivery vector that highlights why real-time scanning of all content is critical to protect your web clients.