Mar 8, 2011 15:06 GMT

Data gathered by Web security vendor Dasient shows that over 1.1 million websites were infected during the fourth quarter of 2010.

The number of infected websites was almost double the one registered for the same period in 2009, suggesting that the Web attack vector has become a very attractive one for cyber criminals.

"As was also the case in last quarter’s malware report, there is a continuing trend in the growing number of infected websites. Over the past year, we’ve estimated that over 4 million domains have been infected," the Dasient security experts write.

This means that around 3% of the Web's 130 million domain names were infected at some point in 2010. Factoring in the average number of pages viewed by people in a day, the vendor concludes that after three months of browsing, the probability of a user encountering an infected site is 95%.

On the other hand, drive-by download attacks rely on exploits that target a total of around 20 vulnerabilities in popular software, most of which are over one year old.

The most commonly targeted ones are stack and buffer overflows in Adobe Reader and Acrobat, particularly CVE-2009-0927, CVE-2007-5659 and CVE-2008-2992, suggesting that a lot of people are still using outdated versions of these programs.

Dasient's data also shows that malicious advertising (malvertising) is a growing problem, with the number of impressions doubling in Q4 compared to Q3.

Fortunately, the average lifetime of such campaigns continues to decrease and is now 9.8 days compared to 11.1 in Q3 and 11.8 in Q2.

"Malvertisers typically mount their attacks on weekends, during which IT departments are slower to respond, as we have seen in previous quarters, and continued to see in Q4 2010," the Dasient experts note.

Given the increasingly active Web malware landscape, it is vital for users to always have an up-to-date antivirus installed that is also capable of detecting Web threats.