Up to seventy percent of the 5,000 websites found every day to be spreading malware turn out to be legitimate, security software vendor Sophos has said.

The company's latest quarterly survey reveals the extent to which cyber-criminals use the web. "We’re seeing less malware in email these days," said Graham Cluley, senior technology consultant for Sophos, "but criminals have turned to the web instead. Some days we see as many as 20,000 websites that have been infected."

The switch to web-based malware coincides with a dramatic rise in the number of threats. Sophos identified 23,864 new threats in the first quarter of the year, a huge increase on the equivalent quarter from last year when Sophos identified 9,450.

Cluley conceded that many of these were different variants of the same malware family, but said there was still a marked increase, one that should concern security managers.

“There’s been a dramatic increase since money came into malware - once criminals realised that it was easier to set up a website to rob people than it was to put on a mask to rob a bank. What’s more, although one or two are caught, the chances are that they won’t be, so it’s a relatively safe thing to do.”

Cluley also said more could be done to educate users. "IT staff know about the threats but much more should be done to educate home users." He expressed particular concern about users who could download malware onto their laptops at home before bringing them into the office.

The Sophos survey also revealed the ISPs most guilty of spreading spam. As we reported a few weeks ago, China has cut down considerably on its offending ISPs but Cluley said that the worst offender was now a small Polish ISP, Polish Telecom, that is responsible for five percent of the world’s spam.

In fact, the five worst-offending ISPs (three of which are in the US) send nearly 15 percent of the world’s spam. Clamp down on these, said Cluley, and there should be a huge difference in the volume of spam.