In its Q1 08 threat report released Monday, Sophos says that it discovered a new infected Web page every 5 seconds. In 2007, the company says, it saw new infected Web pages every 14 seconds.
"The Web continues to be the preferred way for malware authors to deliver their attacks," the report says. "Our growing dependence on the Web for purchasing and gathering information makes it an ideal hunting ground for cyber criminals chasing poorly protected users."
The rise in infected Web pages is related to a decline in infected e-mail. Sophos says that about 1 out of every 2,500 e-mail messages contained malware, compared to 1 out of every 909 messages monitored in 2007.
Sophos attributes this decline to a shift from infectious attachments to the inclusion of links that lead to infected sites.
E-mail containing such links may not register as a carrier of infection, but the absence of a malware payload doesn't mean such messages are any less dangerous.
The Sophos report says that the company found new spam Web pages every three seconds and that 92.3% of e-mail during this period was spam.
"Ironically, there is a still a common belief that unsolicited e-mail, or spam, is a non-threat," the report says. "With virtually all of it unwanted and a large portion linking to infected Web sites, organizations would be wise to address this problem before they become a victim."