Malware, phishing, and spamming attacks continue to proliferate in the Internet environment. Past attempts to block this proliferation have focused on, and been based off of the Universal resource locator (URL) associated with content that is linked to malware, phishing, and spamming activities. This has led to a lag in thwarting such attacks due, at least in part, to the difficulty in chronicling an URL and its various variants.
Studies have indicated that, in at least some instances, new domains quickly appear and serve the same malware every time a domain associated with such malware goes down. Moreover, heuristics associated with hash-based or signature-based approaches can be circumvented by slightly changing the binaries associated with identified domains.