Spoofing Reputation - how would someone do this?

In a system that uses purely reputation (let's negate all heuristic functions of such systems for now) I assume that it takes a tally of how many people have downloaded/ run a particular file. The more people the higher reputation.

How do systems like this protect themselves from someone simply moving that file through multiple machines or virtual machines?

If a reputation system factors into or overrides heuristics and spoofing were possible it could be a big issue.

I know SmartScreen uses reputation. I think Norton does as well and multiple other systems. I'm looking for insight as to how they manage to deal with this issue.

 

Maybe checking the system's activity like browsing data, recent tasks, etc., but that's spyware behaviour. That's why reputation can't be solely dependent.

 

But even when it's factored into heuristics it can have a large effect if an application has high reputation.

I assume MS and other vendors have already thought of this and come up with some way to mitigate.