Over half of this year's top malware programs infected PCs after users surfed the web and were duped into downloading, says Trend Micro.
The security company revealed that 12 percent of malware is spread through malicious email attachments but just 5 percent comes from bugs that exploit software vulnerabilities.
Paul Ferguson, network architect at Trend Micro said: "This illustrates that social engineering seems to be playing a larger role than we thought. The problem isn't due to software vulnerabilities in, say, the browser".
Trend Micro cited this as the reason why they and other security vendors have added other protection features including domain reputation ranking and URL filtering to their anti-virus software.
"We still have quite a way to go to get users to educate themselves about risks. They still manage to get duped into situations that put them at risk."
See also: Microsoft removes 1m fake antivirus apps