Thinking that avoiding smut sites on the Web will save your PC from infection? Think again. Research from an antivirus vendor has shown that drive-by download sites - those that deliver malware to unsuspecting users - are far more likely to be found in the legitimate parts of the web, rather than the X-rated bits.

According to Avast, which sells software designed to protect your computer from infection, non-porn sites serving up viruses and worms outnumber porn sites doing so by 99-1. Their research found a number of 'legitimate' sites infecting computers, including certain parts of the web site operated by UK mobile phone firm Vodafone. How can that be?

Back in the day, porn sites were one of the most dangerous places on the web, from a malware perspective. The people putting up the images and video would often infect their own sites with drive-by download code as a means of infecting visitors. Since then, however, criminals have worked out how to infect other peoples' web sites with the malicious code.

Often, this is done by using web forms and code tacked onto the end of web addresses to manipulate the database that provides the content for the web site. Adding new content into the database causes it to invisibly display commands that secretly force a web browser to communicate with another computer online. That computer, operated by the original attacker, will then force the browser to install virus software.

You could almost admire the ingenuity of this approach if it wasn't so evil. It enables criminals to infect visitors to many legitimate web sites with their own malware, which will then secretly harvest passwords and bank details. And because many of those visitors haven't been looking at porn sites or visiting other nefarious places on the web (such as pirate software sites) they won't be expecting to get infected. And yet, in the past, everything from UN web sites through to CNET, Business Week and even the New York Times have been compromised by attackers who have managed to infect their sites.

Given that it seems to be impossible to trust any given web site these days, what can you do to stop this happening to you? Obviously, keeping your operating system up to date with good anti virus software is a start. You might also think about running a virtual operating system or virtualized browser to protect your computer. And a second line of defence in the form of an Internet-based scanning service would not be a bad idea.