Frank_Rizzo - 3:41 pm on Jun 22, 2010 (gmt 0)

GETs for /myHigherEdJobs/Login/

without payloads are often pre attack attempts. Standard hack trawling to find marks ready for attacking.

the example.com mask was originally

Alpha (C)
Zero (N)
Victor (C)
dot
org

I still do not understand why Yahoo would even attempt to call a script from that site, on sites which it crawls.

Either they do not know that the site did host bad scripts (google started announcing site warnings, and delisting it in Aug 09), or someone has found a way to piggy back off yahoo serps in order to try and run code on target sites.