Updated

Despite the common belief that "sketchy" Internet sites are more likely to host malware than their mainstream counterparts, the reverse may be true.

Internet users are 21 times more likely to become infected by visiting a legitimate online shopping site than by visiting a site used for illegal file-sharing, according to Cisco's latest annual security report.

"Web malware encounters occur everywhere people visit on the Internet — including the most legitimate of websites that they visit frequently, even for business purposes," Mary Landesman, Cisco senior security researcher, said in the report.

[pullquote]

"Business and industry sites are one of the top three categories visited when a malware encounter occurred."

More On This...

That ad could come from anywhere
The problem isn't in the sites themselves; it's in the ads.

At first glance, Web pages appear to be nice neat little bundles of information. But in most cases, when you load a webpage, that page makes "calls" to third-party servers that host images, video content and advertisements that are syndicated to thousands of public-facing websites.

Examples are YouTube videos embedded into WordPress or Tumblr blogs, or banner ads displayed across the top of a page.

The information is collated and formatted to appear cohesive, but is often really comprised of information called in from many different sources.

So when criminals successfully attack an ad network, their malware becomes syndicated and sent to all the places those ads go — from Target and ToysRUs.com to eBay and Amazon.

Widest possible reach
That makes perverse sense. The more popular a site, or the more family-friendly an ad, the bigger the pool of potential malware victims is.

Ad networks that target niche interests, or simply have fewer scruples, are less attractive to cybercriminals. That makes sites that host illegal movie and TV streams and pirated software perhaps safer than a site that sells legitimate DVDs.

That goes counter to the conventional wisdom, which holds that fringe websites featuring pirated wares, shock photos and pornography are more likely to host malware than mainstream sites.

"Our data reveals the truth of this outdated notion, as Web malware encounters are typically not the by-product of 'bad' sites in today’s threat landscape," the report added. "Dangers are often hidden in plain sight through exploit laden online ads."

The report also noted that despite a sharp uptick in the amount of malware aimed at Android devices, Android malware still accounts for less than one-half of 1 percent of all malicious software. Most infected mobile devices are jailbroken and/or contain apps from unofficial app markets.

Malicious scripts, such as infected iFrames, make up the vast majority — 83 percent — of all Web-based malware vectors, the study found. Ten percent of all attacks hit their targets twice with a follow-up virus, worm or data-stealing Trojan.