Increasing numbers of legitimate sites are unknowingly hosting malware and compromised sites are staying infected for longer, according to the latest threat report from Scansafe.
Some sites are not being cleaned up for two months as the site operators remain unaware of the malicious software's existence.
On average, new threats accounted for 21 per cent of all the malware blocked, according to Mary Landesman, senior security researcher at ScanSafe.
“The numbers speak for themselves," she said. "This malware is remaining active on sites for weeks and in some cases months, leaving users exposed and representing a huge window of opportunity for cyber criminals.”
The most frequently encountered malware were Trojans designed to steal passwords from bank accounts and internet games.
Online gaming is an increasing security risk for many companies.
The report also notes that the complex network of online advertising providers has made it easier for attackers to surreptitiously insert malicious advertising.
In 2007 several high-profile sports sites unwittingly served malicious ads, including the websites for the National Hockey League, Major League Baseball, The Sun and MySpace.