One in 10 web pages scrutinised by search giant Google contained malicious code that could infect a user"s PC. Researchers from the firm surveyed billions of sites, subjecting 4.5 million pages to "in-depth analysis".
About 450,000 were capable of launching so-called "drive-by downloads", sites that install malicious code, such as spyware, without a user"s knowledge. A further 700,000 pages were thought to contain code that could compromise a user"s computer, the team report.
As well as characterising the scale of the problem on the net, the Google study analysed the main methods by which criminals inject malicious code on to innocent web pages. It found that the code was often contained in those parts of the website not designed or controlled by the website owner, such as banner adverts and widgets.
In a test, the researchers" computer was infected with 50 different pieces of malware by visiting a web page hosted on a hijacked server.