The figures equate to a unique malware file being created every 30 seconds, according to the Sophos Mid-Year 2011 Security Threat Report.
Around 19,000 malicious website addresses (URLs) are now identified daily, with 80% of those URLs being pages on legitimate websites that have been hacked or compromised, the report says.
"2011 has seen a continued massive increase in the volume of malware in which the web is the dominant vector for both targeted and mass-scale attacks," said Mark Harris, vice president of SophosLabs.
The virulence of attacks such as fake anti-virus requires a prompt move by IT organisations to employ more layered web protection and defences to reduce the attack surface of the devices they use, he said.
Key threats identified in the report include search engine poisoning and social media threats.
Search engine poisoning is on the rise, the report says, threatening businesses of all sizes. Cybercriminals manipulate search results from Google, Bing and Yahoo to lure web surfers to malicious pages.
Sophos says search engine poisoning attacks are extremely effective, and account for more than 30% of all malware detected by Sophos's Web Appliance.
Social media threats have sharply escalated, the report says, while mass scale e-mail-focused attacks are diminishing. As Facebook holds so much personal information on users, scam attacks have been severe in 2011, the report says, and involved cross-site scripting, clickjacking, bogus surveys and identity theft.
This story was first published by Computer Weekly