The number of Web sites hosting malicious software, either intentionally or unwittingly, is rising rapidly, according to statistics to be released on Tuesday from Dasient.

More than 640,000 Web sites and about 5.8 million pages are infected with malware, according to Dasient, which was founded by former Googlers to offer services to help Web sites stay malware-free and off blacklists.

That figure for infected pages is nearly double what Microsoft estimated in a report in April.

Meanwhile, the Google blacklist of malware infected sites has more than doubled in the last year, registering as many as 40,000 new sites in one week.

Dasient identified more than 52,000 Web-based malware infections, bringing the total to more than 72,000 unique infections logged by the company since it launched its malware analysis platform early this year.

Infections on newly compromised sites that have 10 pages or more spread to nearly one quarter of the pages on the site, on average. Nearly 40 percent of the infected sites were later reinfected.

Most of the malware infections are accomplished by JavaScript and iFrames being injected into legitimate sites, accounting for nearly 55 percent and 37 percent respectively, said Dasient co-founder Neil Daswani.

The statistics illustrate the growing trend of attackers targeting browsers and Web applications with SQL injections, cross-site scripting and other attacks that can lead to drive-by downloads. Infections can come from anywhere on a site, including widgets and ads.

Dasient will be providing a top 10 list of Web-based malware attacks for each week and other trend information, as well as publishing information about new infections via a Twitter feed.

Dasient is sharing information on the top Web-based malware infections with Web site owners.

(Credit: Dasient)