Security systems also need to use other techniques to detect these kinds of attacks, including behavior-based approaches, sandboxing, and analysis of the actual files that the sites attempt to install.
Domain shadowing also hinders researchers, Williams said.
"It's easy for us, because we're Cisco, and we have this gigantic cloud infrastructure," he said. "But for anybody who doesn't have this ability, by the time they detect that a piece of malware has been downloaded, they have no way to figure out what happened because it's already moved on to a different website."
According to the report, the attackers have only made use of about a third of the domains so far, indicating that they have plenty of domains in reserve.