The number of malicious website on the net has increased by more than 100 percent since last year, says Websense.
According to the security firm's 2010 Threat Report, nearly four in five (80 percent) of websites with malicious code are legitimate sites that have been compromised, while 90 percent of all unwanted email during the same period featured links to malicious or spam sites.
Furthermore, Websense said that web users searching for breaking news have a 22 percent chance of stumbling across a malicious site, that more than those searching for adult content, who have a 21 percent chance of navigating to an infected page.
Research by the security firm for the report revealed that 23 percent of search results regarding online entertainment lead to a malicious links and the US was the country hosting the most phishing sites.
When it comes to data-stealing, 52 percent of attacks happened via the web and the US and China were the countries responsible for the most data-stealing malware in existence on the web between 2009 and 2010.
Two in five of all Facebook status updates contain a link and of these, 10 percent are either spam or malicious.
The Websense 2010 Threat Report also highlighted that cybercriminals now resort to blending different botnets, trojans and viruses, such as Aurora, Stuxnet and Zeus, and then using a combination of tactics, such as phishing scams, compromised websites and social networks, to spread them throughout the web.
"The continued rise of organised cybercriminal gangs and the emergence of targeted advanced malware threats are the most concerning trend we've seen," said Dan Hubbard, chief technology officer, Websense.
"Security needs to move ahead of the attackers and focus on contextual classification in order to thwart them. Simple binary access controls and castle and moat security will not solve the complex attacks we see today."
The security firm also predicts the number of blended attacks will rise throughout 2011, along with a surge in the number legitimate smartphone apps that are being repurposed for spam and phishing attacks.