Web-based malware rockets

So far, 2007 has seen a dramatic rise in the number of reported cases of new malware. Security firm Sophos discovered 23,864 new threats in the first quarter of 2007 - a rise from 9,450 during the same period in 2006.

Most of the reported malware incidents were web-based, spreading through malicious websites rather than emails.

Seventy per cent of the infected web pages were existing, genuine websites that had been hacked into because they had not been sufficiently protected.

"What's most worrying is that so many websites are falling victim because the owners are failing to properly maintain them and keep up to date with their patches," said Carole Theriault, senior security consultant at Sophos.

"By targeting a whole range of internet pages, hackers are successfully infecting a larger number of unwary surfers. Any ill-maintained website can fall victim," she continued.

Malicious websites

People are often taken to infected web pages by clicking on links in spam emails.

Spam emails can be created and distributed from anywhere in the world. ISPs in countries with vague or ineffective legislation can pose a problem.

"Spam is a difficult problem to solve as every government legislates differently and the responsibility of the ISPs varies from place to place.

"The fact that one average-sized Polish ISP is single-handedly responsible for relaying five per cent of the world's spam is astonishing - which is why we are currently in talks with them on how they can reduce this glut of unwanted mail," said Theriault.

Sophos identified 5,000 infected web pages per day during the first quarter of the year.