
Secure and Transparent Network Traffic Replay, Redirect and Relay in a Dynamic Malware Analysis Environment

Advisor: 林盈達 (Ying-Dar Lin)

Abstract (translated from the Chinese original)


Dynamic analysis is typically paired with a closed network environment so that malware under analysis cannot attack machines on the Internet. However, most of today's malware needs an Internet connection to operate. Because Internet-bound traffic is blocked, an analysis environment built on a closed network is of limited use. We propose a system that gives a dynamic malware analysis environment seemingly unrestricted Internet access, transparently steering malicious traffic to decoys inside the system while allowing harmless control traffic to reach the Internet. From more than 2000 suspicious programs, we first select the 124 flagged by four anti-virus products. We then exclude those that show no network behaviour or cannot successfully connect to their designated machines. This leaves 12 malware samples in total. The experimental results show that our system observes on average 3.35 times the network behaviour seen in a closed network, and for malware that sends spam it even outperforms an open network environment. At the same time, the security of the Internet is improved.

Abstract (English)


Dynamic analysis is typically performed in a closed network environment to prevent malware under analysis from attacking machines on the Internet. However, much of today's malware requires Internet connections to operate. A closed network analysis environment is of limited use for such malware because Internet-bound connections are blocked. We propose a system that allows malware in a dynamic analysis environment to have seemingly unrestricted Internet access. Our system transparently retargets malicious network connections to compatible decoys within our system while allowing Internet access for harmless control traffic in unknown protocols. Among more than 2000 suspicious malware samples, we first select the 124 samples flagged by all anti-virus scanners from 4 different vendors. Then we exclude those samples that exhibit no network activity or cannot connect to their designated machines on the Internet. Finally, 12 malware samples remain. The evaluation results show that our system allows the malware to exhibit more network activity than a closed network environment (3.35 times more on average) and even outperforms a baseline open network environment for spammer-type malware. In the meantime, Internet security is significantly improved.
