The search engine giant warned that fake antivirus software presents a growing threat to computer users after an investigation into some 240million web pages over a 13 month period.

The study, which was presented at the Usenix Workshop on Large-Scale Exploits and Emergent Threats in California, analysed websites between January 2009 and February 2010, finding more than 11,000 web domains involved in its distribution of fake antivirus software.

Fake antivirus software scams usually attempt to trick a user into believing that their PC has become infected with a virus or some other form of malware, with a pop-up message encouraging users to download a software package to remedy the problem. The software is then downloaded by an unsuspecting user, which then installs malicious programs onto their PC.

The scams are often distributed when a user visits an infected website, although many well respected websites, including the New York Times, The Daily Telegraph and The Daily Mail, have been caught up in fake antivirus scams after their ad system was hacked.

“Surprisingly, many users fall victim to these attacks and pay to register the fake [anti-virus software],” the study said.

“To add insult to injury, fake anti-viruses often are bundled with other malware, which remains on a victim’s computer regardless of whether a payment is made.”

More than half of the fake software – which predominantly targets Windows machines – was delivered via adverts, Google added.

Speaking at the RSA Conference in San Francisco, Veracode claimed that as many as as 58% of the 1,600 software applications that it tested could be exposed by a hacking or security attack similar to the Chinese hacking attack that targeted Google services. The company also claimed that the same holes were exploited in attacks on the US Department of Defense.

Veracode analysed a range of application types, and assessed “billions of lines of code” to build a comprehensive security overview, concluding that a wide range of enterprise applications are susceptible to “large scale attacks”.

“Because of the depth and breadth of the data in our platform, we have expansive knowledge about risk from all types of applications and across the software supply chain,” said Matt Moynahan, chief executive at Veracode.

“The report analyses the state of security more comprehensively than any others in this market, and offers specific recommendations for each type of potential threat.”

The company also claimed that the security of open-source applications, where the source code of the software is made open to the public, allowing amateur developers and enthusiasts to create improvements and applications to work with that software is comparable to that found in many outsourced and commercial applications.

After Microsoft admitted that it was a flaw in its browser that was exploited by hackers looking to launch an attack on Google systems, Microsoft will today (Thursday) take the rare step of releasing a critical security update early, with the update not due until February 9.

The update will be released at approximately 10am PST and comes after a number of high profile groups, including the governments of Australia, France and Germany, called for users to use alternative browsers to Internet Explorer, which has around 62.3% of the worldwide browser market. Following the announcement, both Mozilla Firefox and Opera, browsers which both claim user security as a selling point, saw notable spikes in the number of downloads.

“This is a standard cumulative update, accelerated from our regularly scheduled February release, for Internet Explorer with an aggregate severity rating of critical,” said Microsoft security programme manager Jerry Bryant.

“It addresses the vulnerability related to recent attacks against Google and a small subset of corporations, as well as several other vulnerabilities. Once applied, customers are protected against the known attacks that have been widely publicised.”

Microsoft have continued to refute claims that Internet Explorer is unsafe.

Microsoft admitted that a security hole in the browser, which makes up around 62.3% of the worldwide web browser market, was exploited by those who initiated the attack on Google services last week but the software giant has rejected the warning from the German Federal Office for Information Security.

The company claimed that the risk to users was low and that the browsers’ increased security setting would prevent any serious risk, a claim that the German authorities have refuted however, claiming that even this would not make Internet Explorer fully safe. They have proposed that users find alternative browsers, such as Mozilla Firefox, Google Chrome or Safari.

Thomas Baumgaertner, a spokesman for Microsoft in Germany, said that while they were aware of the warning, they did not agree with it, saying that the attacks on Google were by “highly motivated people with a very specific agenda”.

“These were not attacks against general users or consumers,” said Mr Baumgaertner.

“There is no threat to the general user, consequently we do not support this warning,” he added.

Microsoft says the security hole can be shut by setting the browser’s security zone to “high”, although this limits functionality and blocks many websites.

The company is also working on a fix for the bug and has not ruled out an “out of schedule” security update. The company usually issues updates on a monthly basis, with the next update due on February 9.

A recent security attack on Google and Google services, which it is claimed originated from China, has prompted the search engine giant to consider ending its activities in the country and now law firm Gipson Hoffman & Pancione, working on behalf of Solid Oak Software, has also reported being targeted.

The company is currently filing a lawsuit against the Chinese government after claiming that source code used in one of its software programmes has been stolen and be used in the government mandated Green Dam software that was included with all PCs sold in mainland China between July and August 2009. The software is used on all PCs in schools, internet cafes and public locations but home and business users are now no longer obliged to use the software. The lawsuit is worth around $2.2bn.

The company reported that employees were receiving emails, all of which carried Trojans, which were made to appear as if they were sent by other members of the firm.

The attack follows Google’s announcement on Tuesday that hackers it believed were acting on behalf of China attacked the defences of 34 large companies, including Google and Adobe. Google has since pledged to stop honouring the Chinese government’s demands to filter search results on Google.cn or pull out of China altogether, a market thought to be worth around $1bn.

Uses reported that almost all Google search results conducted within a 55 minute period on Saturday January 31 returned a warning that the link contained some form of malicious software, with alerts stating that the site “may harm your computer.”

Users who clicked on their preferred search result were advised to pick another one.

The search engine, whose corporate slogan is “Don’t be Evil”, later put the error down to a simple coding error.

“What happened? Very simply, human error,” wrote Marissa Mayer, vice president, search products and user experience, on the Official Google Blog.

“Google flags search results with the message ‘This site may harm your computer’ if the site is known to install malicious software in the background or otherwise surreptitiously. We do this to protect our users against visiting sites that could harm their computers.”

She added: “We work with a non-profit called StopBadware.org to come up with criteria for maintaining this list, and to provide simple processes for webmasters to remove their site from the list. We periodically update that list and released one such update to the site this morning.

“Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file.

“We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again,” Ms Mayer wrote.