One in every 10 web pages contains malicious code that could infect your PC, according to search giant Google .
Some 4.5 million web pages were analysed by Google's researchers. About 450,000 of the pages were capable of launching so-called 'drive-by downloads'. These are websites that install malicious code (such as spyware) without your knowledge. This is a common way of infecting a computer or stealing personal information such as passwords.
Such websites often consist of malicious programs that install themselves automatically on your computer if you happen to click on a link to, or visit, a malicious website.
"To entice users to install malware, adversaries employ social engineering," wrote Google researcher Niels Provos and his colleagues in a paper titled The Ghost In The Browser .
"The user is presented with links that promise access to 'interesting' web pages with explicit pornographic content, copyrighted software or media. A common example are websites that display thumbnails to adult videos," Provos wrote.
The Google researchers found that the code is often found in the parts of a website that the owner did not design or have any control over, such as in banner adverts. Postings in blogs and forums that contain links to images or other content can also infect a user.
Malicious programs such as these do not only steal sensitive information. They can also alter your bookmarks, install unwanted toolbars or change your web browser's homepage.
Another 700,000 web pages contained code that could compromise your computer, the Google team said.
Google is attempting to address the problem. It has "started an effort to identify all web pages on the internet that could be malicious". It said the "vast majority" of vulnerabilities occur in Microsoft's Internet Explorer web browser.