Hi malware fighters,
Loads of webpages are being infected by cross site scripting injections, read: http://www.technicalinfo.net/papers/CSS.html
and http://www.cgisecurity.com/xss-faq.html
An example of a searchengine one flagged by Firekeeper: === Triggered rule ===
alert(url_content:“%3C”; url_content:“%2F”; url_content:“%3E”; msg:“Suspicious looking GET request containing %3C, %3E, and %2F. Suspiciously HTML-like.”; reference:url,hxtp://ha.ckers.org/xss.html; reference:url,http://en.wikipedia.org/wiki/Cross-site_scripting;)
=== Request URL ===
htxp://search.yahoo.com/search?p=%3Ciframe+src%3D%22http%3A%2F%2Fwww.mysearchengine.com%2Fsearch.pl%3Ftext%3D%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%22%3E&ei=UTF-8&fr=flo2&type=bWljX2RlZmF1bHQqdmVyXzIuNS42Kmluc18yMDEwMDUqY3R4X3U%3D
NoScript will filter this as a potentional cross site scripting attempt…
polonus