I just read an article that is about malware that is brilliant and unbelievably frightening simultaneously. Basically, if an infected machine is told to go to a hostile site and it has (the machine) already visited the site, the ip address is used to filter the infected machine to a "benign" page.
It goes without saying how much more difficult this can make it to identify what exactly is happening on the target machine. The full article is here:
http://www.vnunet.com/vnunet/news/2191298/hackers-turn-genre-evasiveIf you don't mind the minor headache of having to temporarily allow scripts to run, I highly recommend noscript.net