A new attack known as Gumblar is continuing to blow all previous web-based malware out of the water, with a new infected web page found every 4.5 seconds, according to the Security Company Sophos.

The security company said that Troj/JSRedir-R is now found six times more often than its nearest rival MaVlframe-F; and is responsible for almost half of all malicious infections found on websites over the past seven days.

Sophos senior technology consultant Graham Cluley said, "No-one should be in any doubt that the web is still the main vector of attack for cybercriminals, and this new threat suggests this situation isn't going to change anytime soon. The problem is that too many computer users still think there's no danger in surfing the web, but with legitimate sites often falling victim to these attacks, it's time to wake up. Hackers won't stop targeting the web as it's proving a successful way for them to spread their infections. To combat this, it's essential to scan every website for malicious code before visiting it."

JSRedir-R, which has been found on high traffic legitimate websites, loads malicious content from third-party sites (including one called Gumblar.cn, inspiring some security vendors to dub the threat 'Gumblar') without users' knowledge. The malware can then be used to steal sensitive infolmation for financial gain, to commit identity theft or to meddle with search-engine results. Sophos advises users of other anti-mal ware solutions to check their products are updated and offering protection.