Zscaler Australia & New Zealand http://blog.zdemo.net Most recent posts at Zscaler Australia & New Zealand posterous.com

Thu, 04 Aug 2011 16:32:00 -0700 Cybercrooks exploit interest in Harry Potter ebook site • The Register http://blog.zdemo.net/cybercrooks-exploit-interest-in-harry-potter
Malware-slingers are tapping into the buzz around a new Harry Potter site to mount a variety of scams designed to either defraud, infect or otherwise con would-be victims.

Proving that the bad guys out there are quick to adapt to anything that might drive traffic and thus dollars, the buzz around the upcoming pottermore.com site is providing a lot of opportunity for new scams.

Posted by Richard Stocks (richii) http://posterous.com/users/3sISSbA3DvH3
Tue, 19 Jul 2011 15:47:00 -0700 Zscaler Research: Brazilian bank targeted by phishing site and DNS poisoning http://blog.zdemo.net/zscaler-research-brazilian-bank-targeted-by-p
Santander, a well-known banking site, has often been the target of phishers. In fact, Santander UK often makes the top-10 list of most popular targets according to Phishtank. Last week, we found a phishing site for the Brazilian branch, santander.com.br, that was receiving traffic from a DNS cache poisoning attack.

This shows just how dangerous DNS cache poisoning can be. Pay close attention to the subtle signs, such as the "secure" indicator in your browser to show the page has been encrypted. If in any doubt actually click on that little padlock and verify the certificate is from who you think it is.

Tue, 21 Jun 2011 23:56:00 -0700 Zscaler Research: Patching Flash - CVE-2011-2110 post-mortem http://blog.zdemo.net/zscaler-research-patching-flash-cve-2011-2110
Last week I blogged about the CVE-2011-2110 Adobe Flash vulnerability being actively exploited in the wild. Adobe released its patch exactly a week ago (Tuesday, June 14) ... I wanted to do a follow up to identify the patch rate within our enterprise customers.

Mike's follow-up review of the numbers of vulnerable Flash installations after Adobe's update released last week... scary numbers of vulnerable systems out there.

Tue, 21 Jun 2011 04:07:00 -0700 Zscaler Research: Zscaler Safe Shopping available for Opera http://blog.zdemo.net/zscaler-research-zscaler-safe-shopping-availa-12585
Zscaler Safe Shopping is already available for Firefox, Firefox Mobile (aka Fennec) and Google Chrome. Now, you can also download the extension for your Opera 11 browser. A version for Safari will be available soon as well.

Julien has been busy - he's now ported his Safe Shopping browser plugin to Opera, joining the existing versions for Firefox, Firefox Mobile and Chrome.

Opera users should download it now from https://addons.opera.com/addons/extensions/details/zscaler-safe-shopping/1.0/...

Sun, 19 Jun 2011 23:46:00 -0700 Zscaler Research: The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams http://blog.zdemo.net/zscaler-research-the-dad-walks-in-on-daughter
The "Dad walks in on Daughter.. EMBARRASSING!" Facebook scams have become very prevalent. I listed a few examples on our new blog, Zscaler Analyst Scrapbook. I'll go into more detail in this post.

There's no end to the scam attempts on Facebook. As ever, be very careful what you click on, and make sure your security solutions are up to date and effective.

Sun, 19 Jun 2011 23:43:00 -0700 Zscaler Research: Oh Flash! CVE-2011-2110 0-Day http://blog.zdemo.net/zscaler-research-oh-flash-cve-2011-2110-0-day
This past Tuesday, June 14, a vulnerability (CVE-2011-2110) in the Adobe Flash Player was patched. This vulnerability is actively being exploited in the wild - prior to the patch, the earliest exploitation that we have seen in our logs thus far, dates back to early last Thursday (June 9th).

Flash and Acrobat are still topping the charts of active exploits - make sure your Flash Player is up to date!

Sun, 19 Jun 2011 23:41:00 -0700 Zscaler Research: PasteHtml.com, a heaven for phishing pages http://blog.zdemo.net/zscaler-research-pastehtmlcom-a-heaven-for-ph
The ultimate dream of a phisher is to be able to set up thousands of phishing sites freely, anonymously, and quickly. Luckily for them, PasteHtml.com offers a service which empowers them to do just that. It is a "Free anonymous web hosting" site, which allows anyone to create any page with a simple POST request.

Trust the phishers and scammers to find a way to abuse a useful service. Be careful of any site that links you out to hosting services such as pastehtml.

Sun, 19 Jun 2011 23:38:00 -0700 Zscaler Research: Incognito exploit kit http://blog.zdemo.net/zscaler-research-incognito-exploit-kit
Recently, I have noticed a significant increase in the usage of the Incognito exploit kit. Similar to the Blackhole exploit kit, Incognito also targets vulnerabilities in Java and Adobe products.

Use of the Incognito exploit kit is on the rise. Incognito attempts to exploit known vulnerable ActiveX controls, the Java Deployment Toolkit and Acrobat Reader.

Tue, 14 Jun 2011 21:02:26 -0700 Zscaler security advisory - Microsoft security bulletins for June http://blog.zdemo.net/zscaler-security-advisory-microsoft-security
Attachment: Security Advisory - June 2011 Microsoft Patches.pdf

Zscaler, working with Microsoft through their MAPPs program, has proactively deployed protections for twenty-two web-based client side vulnerabilities included in the June 2011 Microsoft patch cycle.

Mon, 13 Jun 2011 04:15:00 -0700 Zscaler Analyst Scrapbook: 178.18.243.219 serving Blackhole exploit kit http://blog.zdemo.net/zscaler-analyst-scrapbook-17818243219-serving
Multiple domains using IP "178.18.243.219" were found to be serving the Blackhole exploit kit. Further analysis confirmed distribution of evil contents using these domains.

Mon, 13 Jun 2011 04:11:00 -0700 Zscaler Research: Zscaler Analyst Scrapbook http://blog.zdemo.net/zscaler-research-zscaler-analyst-scrapbook
Very often while we're conducting log analysis across our cloud in order to add security protections (signatures, black listing, reputation scoring, etc.) we find interesting scraps of information. While this information may not be interesting to the masses - it may help those working in security operations centers (SOCs) or other roles to add similar protections for their users.

The Analyst Scrapbook can be found at http://scrapbook.zscaler.com. If you're a regular follower of the Research blog, you're going to want to add this one to your reader list as well.

Mon, 13 Jun 2011 04:03:00 -0700 Zscaler Research: .co.tv domains serving heavily obfuscated malicious code http://blog.zdemo.net/zscaler-research-cotv-domains-serving-heavily
Following a previous post on a malicious Google News search, we identified additional domains related to this attack, also serving malicious code. The method of infection remains the same by injecting a malicious script, which will redirect victims to one of several malicious domains.

Umesh has identified 27 additional domains that are being used to host malicious code related to the compromised news search results. As ever, exercise vigilance when looking at search results.

Mon, 13 Jun 2011 04:01:00 -0700 Zscaler Research: Google news search results for Laurence Fishburne leading to malicious sites http://blog.zdemo.net/zscaler-research-google-news-search-results-f
One of our blog readers, Mr. Jon Leathery informed me yesterday about a link in a Google News search leading to a malicious website. “Laurence Fishburne leaving CSI”, was a popular topic recently and was being taken advantage of to spread malware.

It's not just the normal search results that are being poisoned; news searches are also being manipulated to direct browsers to malware.

Mon, 13 Jun 2011 03:56:00 -0700 Zscaler Research: Blackhat spam SEO leading directly to a virus download http://blog.zdemo.net/zscaler-research-blackhat-spam-seo-leading-di
Attackers usually use some form of social engineering technique to fool users into downloading and executing a malicious executable - they scare users with a fake antivirus page, they present users with a video that requires a new software or codec update, they claim the user's browser or Flash version is out of date, etc. Last week, I found several Google search results for popular terms leading directly to a virus download.

The results here were a little scary - only five anti-virus engines out of 42 detected this threat. While AV is an important part of a defensive strategy, it's simply not the right tool to keep users protected online.

Mon, 13 Jun 2011 03:53:00 -0700 Zscaler Research: Buying software online is getting more and more risky http://blog.zdemo.net/zscaler-research-buying-software-online-is-ge
Google searches for popular software (Windows, Microsoft Office, etc.) have often contained links to fake online stores since at least December 2010. Google has done very little to clean up the search results.

Julien's latest research into blackhat SEO shows an increase in malicious search results for popular shopping terms. Might be a good time to grab a copy of the Safe Shopping plugin!

Mon, 13 Jun 2011 03:33:00 -0700 Zscaler Research: Zscaler Safe Shopping now available for Google Chrome http://blog.zdemo.net/zscaler-research-zscaler-safe-shopping-now-av
I had previously released Zscaler Safe Shopping for Firefox and Firefox mobile to warn users when they are visiting such sites. The extension is now available for Google Chrome.

All you Chrome fans out there can now rejoice and take advantage of some extra browser protection - Julien's Safe Shopping plugin is now available in the Chrome Web Store.

Thu, 09 Jun 2011 04:36:13 -0700 Zscaler takes part in IPv6 Day http://blog.zdemo.net/zscaler-takes-part-in-ipv6-day
Attachment: Zscaler PR - Zscaler Participates in World IPv6 Day[1].pdf

Everyone is talking about the move to IPv6, but there isn't really a whole heap of action for the most part. World IPv6 Day, sponsored by the Internet Society, aims to motivate companies to prepare their networks and services for migration to supporting IPv6.

At Zscaler, we're proud to have successfully participated in the World IPv6 Day on June 8, showing that our cloud infrastructure is not only robust and scalable, but also supports the network addressing scheme of the future.

Fri, 27 May 2011 20:43:00 -0700 Zscaler positioned as a leader in the Magic Quadrant for Secure Web Gateway http://blog.zdemo.net/zscaler-positioned-as-a-leader-in-the-magic-q
The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Vendors in the Magic Quadrant are evaluated based on ability to execute and completeness of vision.

All of us at Zscaler are immensely proud of achieving the most visionary position in the "Leaders" quadrant of the latest Gartner Magic Quadrant for Secure Web Gateway products and services. This recognition not only of our unique technology and cloud architecture, but also of our ability to bring our service to a global market, validates all our efforts and shows that we're a serious contender in the security market.

The full report can be downloaded from our web site at http://www.zscaler.com/magic_quadrant_2011.html.

Wed, 25 May 2011 05:31:00 -0700 Osama alive scam snowballs on Twitter http://blog.zdemo.net/osama-alive-scam-snowballs-on-twitter
Fraudsters wasted little time running scams based on the death of Osama bin Laden, so it's no big surprise that they are now running cons based on the conspiracy theory that the former head of al Qaida is alive.

More Osama scams, this time using Twitter as the initial vector.

Mon, 23 May 2011 17:00:00 -0700 Cybercrooks turn Eve Online into botnet battlefield • The Register http://blog.zdemo.net/cybercrooks-turn-eve-online-into-botnet-battl
Crooks using online games to farm virtual currencies that they can sell for real money have turned internet spaceship game Eve Online into a battlefield for botnets.

Gamers beware... it's not just Facebook that's full of trojans and scammers.
