In addition to being difficult to track down, my colleague Oliver points out that intrusion detection systems, network firewalls, and other devices that scan traffic as it passes through a network would probably miss this malicious payload because of it being encrypted within an SSL stream. http://blog.stopbadware.org/2009/07/31/hiding-an-infection-in-an-unused-ssl-site