new http attack can fool all our defenses
http://www.watchfire.com/resources/HTTP-Request-Smuggling... The http request smuggling is possible when the firewalls, webservers, proxies can't handle especially malformed http requests and let the traffic pass - also the ones that are hidden. It seems that more and more products are being discovered as being vulnerable and are releasing patches. You can ignore them at your own risk and become a risk to yourself and your clients. http://www.osvdb.org/blog/?p=23
another interesting paper about http attacks (but then on the sites that are trying those infections once the vulnerable browser has visited them) is written by a security manager of Microsoft
http://dr00.sts.winisp.net/VulnAnalysisPaper/Vulnerabilit... The article gives a good overview of the exploits, the sites and what can be done.
how a drive-by download happens is also clearly explained in https://netfiles.uiuc.edu/ehowes/www/dbd-anatomy.htm