One way computers have traditionally been protected from unauthorized (and frequently malicious) programs/modifications (hereinafter collectively “malware”) is through the use of antivirus software, typically installed on the computer to be protected. Increasingly, malicious individuals and organizations are focusing their attacks on servers. Unfortunately, while server-oriented antivirus software can be used to protect the applications and operating systems of such servers from being compromised, any exploits that evade detection can readily be propagated by the server to potentially hundreds of thousands of clients, or more. Further, even if the server itself is fully protected, the pages that it serves to clients may nonetheless include malicious content loaded from external sources.
The potential for damage to many clients by a single server is sufficiently high that increasingly, major search providers, browser developers, and other entities such as third party security companies have begun blacklisting servers that are believed to be propagating infections. While such actions can potentially protect clients from being infected (because they are unable to retrieve any content from the blacklisted servers), the operators of blacklisted servers may have a difficult time correcting the problem (e.g., due to obfuscation techniques employed by the nefarious individuals) and/or being removed from the blacklist in a timely manner. For the operators, being blacklisted can result in the loss of both good will, and also revenue.