If you're wondering where most malware comes from, check the "favorites" list in your Web browser.

According to Websense Security Labs' newly published "State of Internet Security" report for the second half of 2008, 77 percent of Websites that carry malicious code are legitimate sites that have been compromised. This figure rose by almost 3 percent over the first six months of the year. The number of sites carrying malicious code grew by 46 percent over the course of 2008, Websense says.

Seventy percent of the top 100 sites on the Web -- most of them social networking or search engine sites -- either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites, according to the report. This figure represents a 16 percent increase over the first six months of 2008, Websense says.

"The most prevalent trend was the continued use of Web 2.0 content to exploit weaknesses within the Web infrastructure to attract the greatest number of victims," the report states. "Search engines and social networking sites were the biggest targets over the last six months, as hackers continued to get creative and leverage user-created content to compromise sites with good reputations."

And the Web is becoming attackers' favorite vehicle for launch, the report states. In the second half of 2008, 57 percent of data-stealing attacks were conducted over the Web -- an increase of 24 percent over the first half.