The researchers paid three traffic brokers at total of US$161.84 to direct 49,000 visitors with IP addresses in the U.S. and Europe to their two Web sites. More than 20,000 of those visitors "had a least one vulnerable component installed and more than 5,700 visitors had multiple vulnerable components," the study said.
"If we were the bad guys, we could have infected all of them with malware," Wondracek said.
The researchers concluded that it only takes a small investment in order to potentially infect thousands of computers with malicious code, and that adult Web site operators "have business models based on very questionable practices."
Pornographic Web sites account for about 12 per cent of all Web pages on the Internet.
The study was authored by Wondracek along with Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel.
Sign up for CIO Asia eNewsletters.