The end user isn't opening files from the internet; these are legitimate web searches that end in a user clicking on a compromised website and the malware executing in the background without the user having to do anything.
Really? Then isn't this a severity 1 security hole in the web browser?
How such a major security hole can be unfixed for so long?
It is almost as bad as the worm that was going around in 2004'ish -- you only needed to be connected to the internet to be infected.