Security firm Finjan has warned that malicious code is more likely to be hosted on local servers in the US and UK than in countries with less developed electronic crime law enforcement policies.
Finjan analysed more than 10 million unique URLs based on live web traffic recorded in the UK. Ninety per cent of the URLs containing malicious code discovered in the study resided on servers located in the US or UK.
The security firm also noticed a continuing evolution in the complexity of attacks, specifically the increasing use of code obfuscation using diverse randomisation techniques.
More than 80 per cent of the malicious code detected by Finjan was obfuscated, making it virtually invisible to pattern-matching or signature-based methods in use by antivirus products.
There is also evidence of increasing sophistication in embedding malicious code within legitimate content, and less dependence on "outlaw servers" in unregulated countries.
"The results of this study shatter the myth that malicious code is primarily being hosted in countries where e-crime laws are less developed," said Yuval Ben-Itzhak, chief technology officer at Finjan.
"Our research shows that malicious content is much more likely to show up on a local server than one in Asia or Eastern Europe.
"Unfortunately this means that the traditional location-based reputation heuristics are increasingly ineffective against modern attacks."
Finjan found that advertising is the leading category for URLs containing malicious code, representing 80 per cent of all instances.
Attackers have discovered that the multiple parties involved, and the complex structure of business relationships in online advertising, make it relatively easy to inject malicious content into generally legitimate ad delivery streams.
Microsoft comes up with a new way to foist its unloved and little used Edge web browser on people
Facebook suspends Cambridge Analytica following weekend claims that it illegally harvested information from 50 million users
Insider claims Cambridge Analytica used academic app to filch Facebook data of 50 million users
Is the Samsung Galaxy S9+ worth its high price?