Web attacks routinely hosted by real Web sites

16.05.2009
The number of legitimate websites being hacked to host malware has hit startling highs in recent days, new figures from MessageLabs have revealed.

Data taken from the days between the 4th and 8th of May showed that 84.6 percent of websites blocked by the company for hosting malicious content were 'well-established' domains that have been around for a year or more.

During the same period, 10.2 percent of blocked domains were less than a year old and only 3.1 percent were less than a week old.

At first glance, this runs counter to the assumption that malicious websites more commonly exist for only days, or in some cases hours, the better to avoid detection and filtering. This is termed 'fast-fluxing', cycling websites through a maze of bogus sub-domains.

However, according to MessageLabs, the likely explanation is that a move to genuine domains means that the fast-fluxing has now migrated to use a different part of the domain tree.

"The bad guys will compromise the DNS and add sub-domains," said MessageLabs' Paul Wood. The recent figure represented a high mark, admitted Wood, but still represented a gathering storm.