Hackers have infected over 380,000 new webpages with malware since the beginning of September, according to security firm Sophos.
This represents a new infection every five seconds.
The firm said more than 90% of these web pages belong to legitimate sites that have been compromised through hacking techniques such as SQL injection.
Recent victims include BusinessWeek, Unicef, UK government sites and the International Tennis Federation.
This means a large number of websites being visited by businesses pose a threat because simply visiting a site can infect unprotected users.
Sophos has announced a new service to notify website administrators if their site is hosting malicious code.
Carole Theriault, senior security consultant at Sophos, said the WebAlert service provides companies with visibility as to whether their websites are being attacked.
"For too long it has been child's play for hackers to infect websites without the owner of the site ever being aware. Many firms have still not coded their websites correctly or taken the preventative measures necessary to stop infections like this occurring," she said.