Over three quarters of websites with malicious code were legitimate sites that had been compromised this year.

According to the Websense Security Labs report, state of internet security for the first two quarters of 2009, most threats to information security are leading to the web, either using the internet as the attack vector, or simply the route through which stolen, confidential data is transmitted.

It identified a 233 per cent growth in the number of malicious sites in the last six months, and a 671 per cent growth over the last year. It claimed that the high percentage was maintained over the past six months in part due to widespread attacks including Gumblar, Beladen and Nine Ball which aimed at compromising trusted web properties with massive injection campaigns.

Meanwhile, it claimed that Web 2.0 sites that allow user-generated content are a top target for cybercriminals and spammers, as Security Labs identified that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious content.

The report claimed that efforts to self-police Web 2.0 properties have been largely ineffective. Websense research shows that community-driven security tools used on sites such as YouTube and BlogSpot are 65 to 75 per cent ineffective in protecting web users from objectionable content and security risks.

Websense CTO Dan Hubbard, and author of the report, said: “The last six months have shown that malicious hackers and fraudsters go where the people are on the web - and have heightened their attacks on popular Web 2.0 sites and continued to compromise established, trusted websites in the hope of infecting unsuspecting users.

“From malicious Twitter spam campaigns and blog comment spam to the massive injection attacks, those perpetrating fraud are exploiting the inherent trust users have of known web properties and other users.”