"Web-based malware has become a dangerous tool in the arsenal of cyber-criminals," said Mark Sunner, chief security analyst at MessageLabs.
"The bad guys know that web-borne attacks are uncharted territory for many computer users and are taking advantage of this in addition to vulnerabilities and weak security in web applications."
Sunner added that businesses that allow employee access to any website, and sites with webmail accounts that have not been scanned by corporate security systems, are at particular risk.
"In April MessageLabs stopped an attack spoofing YouTube videos, not mailed out as links but distributed via user-generated content sites like blogs and links posted on comments pages," said Sunner.
"This is testament to the fact that spammers are using content that historically works, but vary the distribution tactics so as to go relatively unrecognised in their motives."
Activity from the Storm botnet declined from 20 per cent in the first quarter to less than five per cent during the second quarter of 2008.
This has forced spammers to turn to rival botnets like Srizbi which is now responsible for around 40 per cent of all spam.
Despite web threats reaching new levels over the past year, the amount of spam, viruses and phishing attacks blocked by MessageLabs remained steady compared with May 2008.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
