SEO "code injection or poisoning" became the new IT security threat in 2008, according to Kris Lovejoy. The director of IBM's security, governance and risk management division, Lovejoy notes that
this factor affected around 1.2 million Web sites, including some "very high-profile" ones.
Destructive code from a variety of sources can attach to composite applications, such as SOA or Web 2.0 widgets and mash-ups. Lovejoy suggests after the "dust settled from this exceptionally destructive threat," it became clear these types of applications had become "ground zero for hacker attacks."