According to Microsoft's latest threat report HTTP based malware are on the rise:
... "Detections of the generic family JS/IframeRef increased fivefold in 4Q12 after falling off significantly between 2Q12 and 3Q12. IframeRef is a generic detection for specially formed HTML inline frame (IFrame) tags that redirect to remote websites that contain malicious content. The increased IframeRef detections in 2Q12 and 4Q12 resulted from the discovery of a pair of widely used new variants in April and November 2012." ...
Here's some statistics (also from the report):
Family 1Q12 2Q12 3Q12 4Q12
JS/IframeRef* 2.3% 11.3% 1.7% 13.6%
Blacole* 7.0% 5.4% 5.0% 5.1%
JS/BlacoleRef* 3.3% 4.1% 5.8% 4.2%
More client machines infected probably means more web servers spreading the malware.
