Eighty-five percent of all malware is web-based and some 30,000 websites are newly infected with malicious code each day, according to Sophos.
The BlackHole exploit kit was behind most drive-by-downloads according to the anti-virus company.
SophosLabs senior threat researcher Beth Jones said the BlackHole code was difficult to detect and was constantly updated to take advantage of new unpatched vulnerabilities.
"BlackHole mainly spreads malware through compromised websites that redirect to an exploit site, although we've also seen cybercriminals use spam to redirect users to these sites," the Sophos threat report said. "This year we've seen numerous waves of attacks against thousands of legitimate sites."
Jones said patching efforts were insufficient citing that 15 per cent of infection attempts against customers were due to the Conficker worm, which was patched three years ago.
"It wasn't just an isolated incident," she said. "Conficker spread so fast. You get one machine infected with it and suddenly you have a very large problem."