Today I found an interesting link on the Analysis of Web-based Malware produced by Google to present the state of malware on the Web and emphasize the importance of this rising threat. This whitepaper is really awesome where they discussed different mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets, here they also point out large number of the exploits found having to do with website vulnerabilities, including those found within ASP and PHP and additionally a big chunk was delivered through holes in the site that allowed XSS.
All about threats and Vulnerabilities: As we know this thing very well that more users are connected to the Internet and conduct their daily activities electronically, computer users have become the target of an underground economy that infects hosts with malware or adware for financial gain. Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries. Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host.