Attacks carried out through the Internet are becoming increasingly complex, and defense at the entrance cannot completely prevent computer terminals from being infected with malware. Measures for discovering an infection as quickly as possible after a successful attack are therefore becoming more important in preventing widespread damage.
Generating a blacklist is a known technique. One known method of generating a blacklist accesses a suspicious URL, that is, a URL suspected to some extent of being malicious, determines from its subsequent behavior in communication whether the URL is actually malicious, and adds the URL to the blacklist.
Another known method uses a system that includes a honeypot, as illustrated in FIG. 12. FIG. 12 is a drawing that illustrates a conventional blacklist generating system. The blacklist generating system illustrated in FIG. 12 generates a blacklist of malicious URLs on the basis of information acquired using the honeypot technique, and extends the blacklist by warning of URLs that look similar to the acquired malicious URL and by attempting to collect information (for example, see Patent Literature 1).