Another thing to remember is that all downloads of said websites will be flagged, regardless whether they are indeed malicious or dangerous in nature, or not. All downloads? Well that is not entirely right, at least not for now. Google flags all Windows executable downloads as suspicious if the site is on the Safe Browsing list. No warning is currently displayed for other files. These files are not actually scanned by Google, keep that in mind if the warning message pops up.

Safe Browsing is used by Google Search, and various web browsers to warn users when they visit web pages or sites that have been flagged.

Safe Browsing has done a lot of good for the web, yet the Internet remains rife with deceptive and harmful content. It’s easy to find sites hosting free downloads that promise one thing but actually behave quite differently. These downloads may even perform actions without the user’s consent, such as displaying spam ads, performing click fraud, or stealing other users’ passwords. Such sites usually don’t attempt to exploit vulnerabilities on the user’s computer system. Instead, they use social engineering to entice users to download and run the malicious content.

The feature has already been implemented into Google Chrome dev and Canary, and Google plans to release it at a later time for the beta and stable branches as well. It is not clear yet if Linux and Mac users will see the warning messages as well, chance is they will. (via)

Creating NTFS Alternate Data Streams is not complicated at all. You can use the “type” command to do that. To fork the file virus.exe into calc.exe you would use the command type virus.exe > calc.exe:virus:exe if they are in the same directory. Add the path if they are not. The size of the calculator does not change, the only indicator is that the file changed stamp is altered.

But executing those files must be harder, right ? Wrong again. To execute virus.exe you use the command “start”, in our example it would be start calc.exe:virus:exe.

A software like Stream Explorer can find those NTFS Alternate Data Streams on your hard drive. An alternative is List Alternate Data Streams

Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them. If for example I was logged in as “john” and read a message by “joe” that contained malicious JavaScript in it, then it may be possible for “joe” to hijack my session just by reading his bulletin board post. Further details on how attacks like this are accomplished via “cookie theft” are explained in detail below.

Source: “The Cross Site Scripting FAQ”. Click link to read the whole faq.

Update: Users who are looking for protection against Cross Site Scripting attacks may want to check out the excellent NoScript add-on for the Firefox web browser. XX protection is automatically enabled after installation. The extension for Firefox blocks untrusted websites from injecting scripts into trusted websites, which is an excellent way of protecting users from XSS attacks.

Additional information about Cross Site Scripting are available on Wikipedia. The external links section on the site is especially useful for researchers and security interested users.