Sophos identified an average of more than 15,000 newly infected web pages each day from 1 January to 31 March 2008.
The security firm warned that 79 percent of these malware-hosting sites are found on legitimate websites that have been hacked.
February saw the website of UK broadcaster ITV fall victim to a poisoned web advert campaign which targeted Windows and Mac users.
In March a Euro 2008 football ticket website was hacked by cyber-criminals in an attempt to infect unwary fans.
In contrast, just one in every 2,500 emails is now infected, compared to one in every 909 in 2007.
The top two web threats, Mal/Iframe and Mal/ObfJS, which are together responsible for more than half of all online malware found by SophosLabs, are programmed to infect websites by taking advantage of vulnerabilities.
"About one percent of web requests now deliver an infected page, most of which are legitimate websites belonging to people just trying to earn a living, " said Carole Theriault, senior security consultant at Sophos.
"Already in 2008 we have been reminded that it is not just the small, independent sites that are being hacked.
"With compromised websites of household names now serving up malware, it is more important than ever for users to ensure that they use a fully protected machine, and for businesses to protect their web servers from attack."
Sophos reported that the list of countries hosting the most infected web pages shows some "interesting changes" since 2007.
The US, in particular, has experienced unprecedented growth, from hosting less than 25 percent of all infected pages overall in 2007, to almost half in the first three months of 2008.
China has demonstrated the biggest drop, from hosting more than half of all infected pages seen by Sophos in 2007, to just under a third in the first quarter of 2008.
Elsewhere in the chart, newcomer Thailand was responsible for hosting one percent of all malware infected pages, while the UK hosted 1.1 percent, down from three percent in the same period last year.
"The US and China are no strangers to this chart, and have long held the top two spots in this hall of shame," said Theriault.
"However, the bottom half of the chart remains fluid, indicating that users need to remain vigilant.
"Those hosting websites need to ensure that they have patched against vulnerabilities that might be lurking on their site to avoid becoming part of the problem."
New malware-infected site found every five seconds
By Robert Jaques on Apr 23, 2008 7:29AM