Often Malware can be downloaded from websites as an accident (hidden iframe content on compromised websites) or may need to communicate to an update server or control server across the Internet. This can be cut off with the use of the DNS and your local cache & recursive resolver.