Analysts at Kaspersky Lab have been monitoring a pool of about 300,000 legitimate Web sites for the last several years. In 2006 the rate was about one infected site in every 20,000 otherwise clean sites. By 2009 that number had skyrocketed to one in every 150 sites, a massive increase driven by the continued success of mass SQL injections campaigns by malware such as Gumblar, Asprox. Many of the infections also are using stolen FTP credentials to perpetuate a vicious cycle of user compromise, credential theft, site infection and malware storage.
Source: https://threatpost.com/one-every-150-legitimate-sites-infected-malware-020310/73479/