For the first time, enterprise networks face a greater threat from malware served from websites than worms spreading across their network, according to Microsoft.
The Conficker worm had remained the most common threat for 42 months but have since been replaced by web-based threats including IFRAMEs, which seed trusted websites with JavaScript code to redirect victims to a malware-serving site.
The BlackHole exploit kit was also on the rise along with the Zbot or Zeus trojan, most commonly known for stealing banking information.
Seven of the top 10 enterprise threats are associated with hacker-owned websites or legitimate sites that have been compromised.
Conficker remained the second most prevalent threat despite that its combined share with AutoRun malware fell 37 percent between 2011 and the second half of 2012.
The malware initially spread by exploiting a vulnerability in Windows Server service which was patched nearly four years ago.
Conficker has recently propagated through the brute-forcing of weak passwords.
Microsoft Malware Protection Center senior program manager Holly Stewart said keeping software patched would help limit exposure to the web-based threats.
"Just having your software up to date is a pretty good mitigation against the vast majority of attacks that were out there," she said.
The research drew on data from the 600 million customers using Microsoft Software Removal Tool each month.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
