An interesting news item from SWITCH, the Swiss NREN and also operator of the .ch and .li TLD registries, on how they are alerting website owners to malware and, if necessary, taking action to protect customers from being infected.
Swiss law allows the registry to suspend a domain for five days, or longer if the need to do so is confirmed by the national information assurance reporting centre. A few months ago, SWITCH began scanning websites within their domains to determine if they had been infected by malware (malicious code that can be downloaded to a PC along with the rest of the content of a website) and informing the site owners if problems were identified. If the site owner does not respond within one working day then the domain is temporarily suspended so browsers attempting to visit it get an error page instead. The domain is restored as soon as the owner confirms that it has been cleaned or after five days if the reporting centre does not authorise a longer period. Even if the website is not disinfected, the five day suspension should allow time for users to (auto-)install updates to anti-virus and web browser blocklists to protect themselves.
The process resulted in the prompt removal of 88% of the website infections discovered.
[UPDATE: A report on the first six months of the project has been published]
