Hackers are increasingly choosing to spread malware via the web rather than by email, new figures show.

The latest report by Sophos reveals that the number of webpages hosting malicious programmes has jumped to 245,790 throughout April, with an average of 8,193 infected webpages per day.

Security experts at the anti-malware company attribute this to the Mal/Iframe threat, which has dominated the threat landscape last month, accounting for nearly half of all the world’s web attacks. This form of attack exploits vulnerabilities on legitimate sites to install malicious code on to the webpages. Users become infected after visiting the site.

"The Iframe-based attacks are a perfect example of a prolific web threat that targets vulnerable sites," said Carole Theriault, senior security consultant at Sophos. “People are lured to these innocent but compromised webpages via cleverly worded email invitations. Web security has to go beyond blocking websites based upon category alone."

According to the research China and Hong Kong host more than half (56 per cent) of the infected sites detected by Sophos last month, a 20 per cent increase when compared to March. The report claims this is due to China hosting a large chunk of unpatched websites infected with the Iframe malware.