Joe Rhodes Consulting LLC

Google sees a lot of the internet. They decided to take a sample of the web pages they crawl, taking a close look at 4.5 million web sites they thought were suspicious. Of that group, there were 450,000 pages with exploits on them that compromised a PC. Another 700,000 were strongly suspected of having exploits, but didn’t actually compromise a PC.

They found that malicious web pages come about for four main reasons:

1. Poor web-server security
2. User-contributed content (blogs, MySpace, etc.)
3. Advertising (banner ad space sold to unscrupulous third parties)
4. Third-party "widgets" (little browser-based programs)

It’s a very academic (that is, dry and boring) read, but interesting non the less.

Google PDF on Web Viruses