This MSNBC article was informative and while the threat isn't new, web malware has increased in scope to where the volume of email viruses have declined in favor of other ways to compromise user security.

Internet Threat - Growth of Infectious Web Pages
http://redtape.msnbc.com/2007/05/the_next_net_th.html

The Ghost In The Browser - Analysis of Web-based Malware
http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

QUOTE: Don't click on attachments? Good. Always keep that firewall turned on? Even better. Stay away from the Internet's unsavory neighborhoods? Better still. Think you are protected? Wrong.

Computer criminals are evolving their tactics to subdue your computer, experts say. Each time you invest more money and time in staying safe, the bad guys just find another way around your defenses. Their newest method may be the trickiest yet: Web pages booby-trapped with infectious computer code.

In the study, Google found 300,000 Web sites laced with such malicious code, and another 700,000 suspicious sites. For perspective, the study found only 18,000 Web sites laced with adware.

So called drive-by downloads are not new, but criminals have seized on the tactic lately because their success rate with traditional e-mail viruses has tapered off thanks to improved software and consumer education. Avoiding e-mail viruses is fairly easy, as long as consumers following clear rules like "don't click on any attachments." But drive-by downloads are much more sinister, as no user interaction is required beyond opening an infected site in a Web browser.