The security firm revealed that in the last week, almost half of all infections were caused by Troj/JSRedir-R. Third-party sites host the malware, which infects PCs when users navigate to them. The malware then steals sensitive personal data.

"No-one should be in any doubt that the web is still the main vector of attack for cybercriminals, and this new threat suggests this situation isn't going to change anytime soon," said Graham Cluley, senior technology consultant at Sophos.

"The problem is that too many computer users still think there's no danger in surfing the web, but with legitimate sites often falling victim to these attacks, it's time to wake up. Hackers won't stop targeting the web as it's proving a successful way for them to spread their infections. To combat this, it's essential to scan every website for malicious code before visiting it."