In general, anti-malware systems detect malicious software by analyzing how software behaves. Anti-malware systems can also blacklist websites and domains that transmit such software to prevent users from being victimized. In order to circumvent such blacklisting, purveyors of malware may frequently transfer malicious content to new web domains that have not yet been blacklisted or otherwise tagged as malicious. Once data about the behavior of these new domains is gathered, however, anti-malware systems can analyze the behavior and tag the new domains as malicious.
To facilitate understanding, identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. It is contemplated that elements disclosed in one embodiment may be beneficially utilized on other embodiments without specific recitation.