At first glance, it may seem that owners of websites should not be concerned about these botnet-driven attacks. After all, a successful attack tries not to affect the injected site and its actual users, and doesn’t use server resources or hide itself in the user-observable web content. However, this is not actually the case. While the injected HTML code attempts to remain hidden from the site users, due to the way websites are rendered by web browsers traces of the injected links are often observable. Showing injected links to adult sites and Viagra sites in the middle of a respectable site’s product catalog is intolerable to the site’s owners. Moreover, since the attack vector indiscriminately changes the contents of all textual fields within the database, an application may actually break and deliver bad results. The ability of an attacker to launch this attack against an application implies that a similar vector can be used to turn the compromised application into a malware delivery platform. This malware delivery attack is known as a drive-by-download where all or specific visitors of the site get infected with malware. One recent example of such an attack was reported against an EC-Council application4. An additional long-term effect for compromised applications is a degradation of their search engine rankings as they become notorious for Black-Hat SEO. The negative impact of SEO rankings directly affects the business of enterprises that own these applications.