Reporting on the trend, Czech Republic-based Avast says that a classic example of this is the www.summersearch.co.uk portal, that, as of yesterday (Wednesday) was infected with the JS:Kroxxu family of malware.
"Many of these sites are typically just holding pages for a catchy URL with very little substance behind them", said Ondrej Vlcek, Avast's chief technology officer.
"In the summersearch example, the site is just a front end to a Kelkoo search engine, but anybody clicking on any links on the page without proper anti-virus protection could be infected by malware", he added.
According to Vlcek, JS:Kroxxu is slightly different from the usual web malware in that the hacked domains are cross-referenced during an attack.
This means, he says, that one infected domain just redirects visitors to another infected domain, which then finally serves up malware using the latest exploits.
Avast is keen to stress that there is no suggestion that Kelkoo or any of the established search aggregators or price comparison services have any viruses or malware.
However, the company says, the open interfaces into these services allows other less well-protected or unscrupulous websites to place a simple graphic user interface over their sites and provide price comparison services under their own brand.
Vlcek adds that many of the infected travel and holiday-related websites are small businesses.
"There are a few websites for camping holidays and villa rental, for example, that have infections. As far as we can tell, these are all legitimate and in many cases small family run businesses that have had their websites infected without their knowledge", he said.
"The other area we are warning about is spam mail directing users to fake sites that offer holiday offers that are too good to be true", he added.
Vlcek says that no anti-virus software will stop a fraudulent offer, but notes there are some telltale signs like websites with no contact phone number, registered office or secure transaction processing facilities that should raise alarm bells.
"Make sure your anti-virus is updated and be cautious around giving out details to websites with no verifiable status", he said.