Websense report shows a huge explosion in the number of malicious sites during the first half of 2009. 77 percent of those sites found to be hosting malware during the period are legitimate sites. This isn’t necessarily a surprising statistic, given the slew of large-scale SQL injection attacks that have appeared recently, including Gumblar, Nine Ball and others. Anecdotal evidence suggests that the attackers have such a large base of vulnerable sites to choose from that if one site closes a hole, they just move on to the next one.
Source: https://threatpost.com/legitimate-sites-fertile-ground-malware-091509/72287/