The number of new pieces of malicious software has doubled in the last year with the web being used increasingly to distribute the code, a report says.
The Miami Dolphins website was infected
In the first quarter of 2007, security firm Sophos identified 23,864 threats, up from 9,450 on this time last year.
In the same period the firm said it was identifying 5,000 web pages per day infected with so-called malware.
The report was released during InfoSec, Europe's largest conference on online security issues, in London.
"With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack," said the report.
Sophos reported that 70% of infected websites were legitimate sites hijacked by hackers because they had not been sufficiently protected.
Visitors to websites - even legitimate sites - can protect themselves by ensuring they have up-to-date virus and anti-spyware software installed.
Search engine Google will warn users if they are visiting a website which is known to have malware hidden on it.
While malware is a growing problem for users of Windows operating systems, there is little evidence of the problem affecting users of Apple Macs running OS X or PCs installed with Linux.
Sophos cited the example of the Miami Dolphins official website which was hijacked in the week of the SuperBowl and was infected with malicious script.
The code exploited Microsoft security vulnerabilities to install malware located on a Chinese server on to visitors' computers.
"What's most worrying is that so many websites are falling victim because the owners are failing to properly maintain them and keep up to date with their patches," said Carole Theriault, senior security consultant at Sophos.
"The average internet user assumes sites like the Miami Dolphins homepage are safe to access, but by targeting a whole range of internet pages, hackers are successfully infecting a larger number of unwary surfers. Any ill-maintained website can fall victim."
According to the report, China hosts more than 40% of all websites containing malware. The United States hosts almost a third of all sites, while the UK has 3% of the sites.
"China has traditionally had a bad reputation when it comes to cybercrime, consistently coming in the top two spam relaying countries month after month, so its position in this chart should come as no real surprise," said Ms Theriault.
In a separate report, security firm MessageLabs warned that it was beginning to see e-mails which were both spam and contained a virus.
"While the cyber-criminals have long used e-mail viruses to create botnets to send spam, this is the first time MessageLabs has seen viruses hidden within stock scam spam," the firm reported.
Spammers sent out millions of fake stock e-mails in an attempt to influence the price of stock so it rises and can then be sold at a profit by the fraudsters. It is a practice known as "pump and dump".
"Why use two emails when just one will do? These latest techniques are part of a new boldness being shown by certain criminal gangs we are tracking," said Mark Sunner, chief security analyst at MessageLabs.