Malicious software has more than doubled in the last year and is increasingly finding a home on web pages, according to an internet security report released Tuesday.

In the first quarter of 2007, security firm Sophos PLC identified 23,864 new threats, more than double the 9,450 the company found in the same period last year.

Malicious software can take many forms: mass-mailing worms, parasitic viruses that attach and copy themselves onto legitimate documents or Trojans disguised as other programs that allow hackers to steal personal information from computer users.

The company said this growth was spurred by a new movement to place malicious programs on websites rather than sendthem through e-mail attachments.

"With computer users becoming increasingly aware of how to protect against e-mail-aware viruses and malware, hackers have turned to the web as their preferred vector of attack," the report said.

From January to the end of March, the company identified an average of 5,000 new infected web pages every day.

Hackers did not create all of the infected websites, however. The majority — 70 per cent — were websites vulnerable to attack because they were unpatched or poorly maintained by their owners.

The most high-profile infection identified in the report happened in February on the website of the Miami Dolphins football team while the city of Miami was hosting the Super Bowl.

"What's most worrying is that so many websites are falling victim because the owners are failing to properly maintain them and keep up-to-date with their patches," Carole Theriault, senior security consultant at Sophos, said in a statement.

"The average internet user assumes sites like the Miami Dolphins homepage are safe to access, but by targeting a whole range of internet pages, hackers are successfully infecting a larger number of unwary surfers. Any ill-maintained website can fall victim."

According to the report, China hosted more than 40 per cent of all websites carrying malware, the most of any nation. The United States was second, with 29.2 per cent of all infected sites.

While the web is hosting more malware programs, the percentage of infected e-mail, on the other hand, actually declined from last year. It dropped from 1.3 per cent of all e-mails to 0.4 per cent, or from one in 77 e-mails to one in 256.

But in real terms, the amount of spam increased by 4.2 per cent from the first quarter of last year.

Poland is a growingsource of spam, the report said, with a single internet service provider — Polish Telecom — identified as the source for one in 20 spam messages worldwide.