Methods and Systems for On-Device High-Granularity Classification of Device Behaviors using Multi-Label Models
US-2016253498-A1 · Sep 1, 2016 · US
US10489587B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10489587-B1 |
| Application number | US-201615388886-A |
| Country | US |
| Kind code | B1 |
| Filing date | Dec 22, 2016 |
| Priority date | Dec 22, 2016 |
| Publication date | Nov 26, 2019 |
| Grant date | Nov 26, 2019 |
Official abstract text for this publication.
The disclosed computer-implemented method for classifying files as specific types of malware may include (i) identifying an unknown file on a computing device, (ii) performing an analysis of the unknown file by applying, to the unknown file, a machine-learning heuristic that employs at least one decision tree, (iii) classifying the unknown file as malicious based on the analysis, and (iv) after classifying the unknown file as malicious, using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file by (a) identifying at least one leaf node of the decision tree arrived at by the analysis performed by the machine-learning heuristic on the unknown file, (b) determining that the leaf node of the decision tree is associated with a particular type of malicious file, and (c) sub-classifying the unknown file as the particular type of malicious file. Various other methods, systems, and computer-readable media are also disclosed.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for classifying files as specific types of malware, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: identifying an unknown file on the computing device; performing an analysis of the unknown file by applying, to the unknown file, a machine-learning heuristic that employs at least one decision tree; classifying the unknown file as malicious based on the analysis by the machine-learning heuristic; and after classifying the unknown file as malicious, using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file by: identifying at least one leaf node of the decision tree arrived at by the analysis performed by the machine-learning heuristic on the unknown file; determining that the leaf node of the decision tree is associated with a particular type of malicious file; sub-classifying the unknown file as not being the particular type of malicious file; adjusting a sensitivity of the machine-learning heuristic associated with sub-classifying files based on a confidence level, wherein adjusting the sensitivity comprises: determining that one or more additional files on the computing device have been inaccurately classified by the machine-learning heuristic; and decreasing the sensitivity of the machine-learning heuristic so that only files having a confidence level above a threshold are sub-classified by the machine-learning heuristic; and sub-classifying the unknown file as the particular type of malicious file in response to adjusting the sensitivity; and performing a security action in response to the unknown file having been sub-classified by the machine-learning heuristic as the particular type of malicious file, the security action being correlated to the particular type of malicious file and protecting the computing device from harm by removing the particular type of malicious file.

2. The computer-implemented method of claim 1, further comprising: selecting, from a list of security actions, the security action that is correlated to the particular type of malicious file.

3. The computer-implemented method of claim 1, further comprising notifying a user of the computing device about the particular type of malicious file having been found on the computing device.

4. The computer-implemented method of claim 1, wherein using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file comprises: identifying a plurality of leaf nodes of the decision tree arrived at by the analysis performed by the machine-learning heuristic, wherein each leaf node is associated with one or more particular types of malicious file; determining that a predetermined percentage of the plurality of leaf nodes are associated with the particular type of malicious file; and sub-classifying the unknown file as the particular type of malicious file based on the predetermined percentage of the plurality of leaf nodes being associated with the particular type of malicious file.

5. The computer-implemented method of claim 1, wherein using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file comprises: identifying a plurality of leaf nodes of the decision tree arrived at by the analysis performed by the machine-learning heuristic, wherein each leaf node comprises a percentage for the particular type of malicious file; calculating a sum by adding the percentage from each leaf node; and sub-classifying the unknown file as the particular type of malicious file based on the sum of the percentages from the plurality of leaf nodes.

6. The computer-implemented method of claim 1, wherein using the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file does not comprise performing additional analysis of the decision tree by the machine-learning heuristic.

7. The computer-implemented method of claim 1, further comprising: identifying a new unknown file on the computing device; performing a new analysis of the new unknown file by applying, to the new unknown file, the machine-learning heuristic that employs the decision tree; classifying the new unknown file as malicious based on the new analysis by the machine-learning heuristic; after classifying the new unknown file as malicious, using the same decision tree employed by the machine-learning heuristic to incorrectly sub-classify the unknown file as the particular type of malicious file; and successfully performing the security action on the new unknown file in response to classifying the new unknown file as malicious and despite incorrectly sub-classifying the new unknown file as the particular type of malicious file.

8. A system for classifying files as specific types of malware, the system comprising: an identification module, stored in memory, that identifies an unknown file on a computing device; an analysis module, stored in memory, that performs an analysis of the unknown file by applying, to the unknown file, a machine-learning heuristic that employs at least one decision tree; a classification module, stored in memory, that classifies the unknown file as malicious based on the analysis by the machine-learning heuristic; a sub-classification module, stored in memory, that, after classifying the unknown file as malicious, uses the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file by: identifying at least one leaf node of the decision tree arrived at by the analysis performed by the machine-learning heuristic on the unknown file; determining that the leaf node of the decision tree is associated with a particular type of malicious file; sub-classifying the unknown file as not being the particular type of malicious file; adjusting a sensitivity of the machine-learning heuristic associated with sub-classifying files based on a confidence level, wherein adjusting the sensitivity comprises: determining that one or more additional files on the computing device have been inaccurately classified by the machine-learning heuristic; and decreasing the sensitivity of the machine-learning heuristic so that only files having a confidence level above a threshold are sub-classified by the machine-learning heuristic; and sub-classifying the unknown file as the particular type of malicious file in response to adjusting the sensitivity; and performing a security action in response to the unknown file having been sub-classified by the machine-learning heuristic as the particular type of malicious file, the security action being correlated to the particular type of malicious file and protecting the computing device from harm by removing the particular type of malicious file; and at least one physical processor configured to execute the identification module, the analysis module, the classification module, and the sub-classification module.

9. The system of claim 8, wherein the sub-classification module: selects, from a list of security actions, the security action that is correlated to the particular type of malicious file.

10. The system of claim 8, wherein the sub-classification module notifies a user of the computing device about the particular type of malicious file having been found on the computing device.

11. The system of claim 8, wherein the sub-classification module uses the same decision tree employed by the machine-learning heuristic to sub-classify the unknown file by: identifying a plurality of leaf nodes of the decision tree arrived at by the analysis performed by the machine-learning heurist
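The abstract and claims 1, 4, 5, 6 and 7 describe one mechanism: the leaf a file lands in during the malicious/benign decision already carries a training-time breakdown by malware family, so a second model pass is unnecessary; the family is read off the leaves already reached (by leaf vote, claim 4, or by summing per-leaf percentages, claim 5), gated by a confidence threshold that is raised when sub-classifications on the device have proven wrong, and a family-specific remediation is chosen while a generic one still applies if the family call is uncertain or wrong. The following is an added example written for this page, not code from the patent or its assignee: the three trees, their leaf statistics, the feature names, the sample feature vectors and the action table are all constructed stand-ins for a trained model and a real remediation catalogue.

```python
"""Leaf-node malware family sub-classification in the style of the claims above.
Added illustration, not the patent's code: forest, leaf statistics, feature
vectors and the action table are constructed values standing in for a trained
model and a vendor remediation list."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union


@dataclass(frozen=True)
class Leaf:
    # Share of training files reaching this leaf that were malicious, and how
    # those malicious files split across families (fractions sum to 1.0).
    p_malicious: float
    families: Dict[str, float]


@dataclass(frozen=True)
class Split:
    feature: str
    threshold: float
    left: "Node"   # taken when feature value <= threshold
    right: "Node"  # taken otherwise


Node = Union[Leaf, Split]


def walk(node: Node, x: Dict[str, float]) -> Leaf:
    """Follow one tree from root to the leaf that feature vector x arrives at."""
    while isinstance(node, Split):
        node = node.left if x[node.feature] <= node.threshold else node.right
    return node


# Constructed forest. The same trees serve the malicious/benign decision and,
# through their leaf statistics, the family sub-classification.
FOREST: List[Node] = [
    Split("entropy", 6.5,
          Leaf(0.10, {"trojan": 0.50, "worm": 0.30, "ransomware": 0.20}),
          Split("imports_crypto", 0.5,
                Leaf(0.70, {"trojan": 0.60, "worm": 0.30, "ransomware": 0.10}),
                Leaf(0.95, {"ransomware": 0.80, "trojan": 0.15, "worm": 0.05}))),
    Split("net_calls", 3,
          Split("imports_crypto", 0.5,
                Leaf(0.20, {"trojan": 0.70, "ransomware": 0.20, "worm": 0.10}),
                Leaf(0.85, {"ransomware": 0.70, "trojan": 0.25, "worm": 0.05})),
          Leaf(0.80, {"worm": 0.60, "trojan": 0.30, "ransomware": 0.10})),
    Split("writes_boot_sector", 0.5,
          Split("entropy", 7.0,
                Leaf(0.30, {"trojan": 0.60, "worm": 0.25, "ransomware": 0.15}),
                Leaf(0.90, {"ransomware": 0.75, "trojan": 0.20, "worm": 0.05})),
          Leaf(0.98, {"ransomware": 0.50, "trojan": 0.45, "worm": 0.05})),
]

# Hypothetical per-family remediations (the claims' "list of security actions").
ACTIONS = {
    "ransomware": "quarantine+restore_from_backup",
    "worm": "quarantine+block_outbound",
    "trojan": "quarantine+remove_persistence",
}
GENERIC_ACTION = "quarantine"  # applied whenever the family call is withheld


@dataclass(frozen=True)
class Verdict:
    malicious: bool
    family: Optional[str]   # None when benign or confidence is below threshold
    confidence: float       # claim-5 style: mean of per-leaf family fractions
    leaf_agreement: float   # claim-4 style: share of leaves whose top family matches
    action: Optional[str]


def analyze(x: Dict[str, float], min_confidence: float = 0.4,
            forest: List[Node] = FOREST) -> Verdict:
    leaves = [walk(t, x) for t in forest]
    # Stage 1: malicious/benign from the mean leaf vote across trees.
    malicious = sum(l.p_malicious for l in leaves) / len(leaves) >= 0.5
    if not malicious:
        return Verdict(False, None, 0.0, 0.0, None)
    # Stage 2: reuse the leaves already reached; no second pass over the model.
    totals: Dict[str, float] = {}
    for leaf in leaves:
        for fam, frac in leaf.families.items():
            totals[fam] = totals.get(fam, 0.0) + frac
    family = max(totals, key=totals.get)
    confidence = totals[family] / len(leaves)
    agreement = sum(max(l.families, key=l.families.get) == family
                    for l in leaves) / len(leaves)
    if confidence < min_confidence:
        # Family uncertain: keep the generic remediation, drop the family label.
        return Verdict(True, None, confidence, agreement, GENERIC_ACTION)
    return Verdict(True, family, confidence, agreement, ACTIONS[family])


def decrease_sensitivity(min_confidence: float, misclassified: int,
                         step: float = 0.1) -> float:
    """Raise the confidence bar after wrong sub-classifications on this device,
    so only higher-confidence files receive a family-specific action."""
    if misclassified <= 0:
        return min_confidence
    return min(0.95, min_confidence + step * misclassified)


# Constructed feature vectors standing in for static/dynamic analysis output.
CRYPTO_LOCKER = {"entropy": 7.4, "imports_crypto": 1, "net_calls": 1, "writes_boot_sector": 0}
NOISY_DROPPER = {"entropy": 7.0, "imports_crypto": 0, "net_calls": 5, "writes_boot_sector": 0}
PLAIN_UTILITY = {"entropy": 5.0, "imports_crypto": 0, "net_calls": 0, "writes_boot_sector": 0}

if __name__ == "__main__":
    for name, sample in [("locker", CRYPTO_LOCKER), ("dropper", NOISY_DROPPER),
                         ("utility", PLAIN_UTILITY)]:
        print(name, analyze(sample))
    # After two observed wrong family calls the dropper keeps only the generic action.
    print("dropper@0.6", analyze(NOISY_DROPPER, decrease_sensitivity(0.4, 2)))
```

The constructed dropper lands in leaves that disagree (two say trojan, one says worm), so its claim-5 confidence is 0.5 while the locker's is 0.75; raising the threshold from 0.4 to 0.6 after observed misclassifications is exactly the claimed "decreasing the sensitivity", and the file is still quarantined because the generic action does not depend on the family call.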
CPC classification titles:

- Machine learning
- Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound
- Test or assess software
- Computer malware detection or handling, e.g. anti-virus arrangements
- Explanation of inference; Explainable artificial intelligence [XAI]; Interpretable artificial intelligence