The threat of infected emails declined, however, with only 1 in every 2500 emails infected, compared to 1 in every 909 in 2007.

Rather than incorporating malware into the email in the form of an attachment, cyber criminals are using unsolicited email to provide links to compromised websites.

Sophos said that there is still a common belief that unsolicited email, or spam, is a non-threat. With virtually all of it unwanted, and a large proportion linking to infected websites, Sophos warned that organisations would be wise to address this problem before they become a victim.

Security industry 

January saw reports of thousands of websites belonging to Fortune 500 companies, government agencies and schools being infected with malicious code.

In February, UK broadcaster ITV was the victim of a poisoned web advert campaign, designed to deliver scareware to Windows and Mac users.

Even companies in the security industry have suffered attacks. Trend Micro’s malware analysis pages were compromised for a few days early in 2008.

This was not the first example of a security company’s website being hacked, with Symantec and Computer Associates both reportedly attacked.

Even a Mac security forum suffered from vast amounts of spam pushing hardcore porn and malware.

Related articles

• The importance of business continuity
• Protectionism tops business concerns
• Payroll fraud alert used in phising scam
• UK firms warned of Chinese espionage
• Banks concerned over staff breaches
• Perils and pitfalls of e-mail spam

Related links

• Sophos