Unfortunately we were passed over by the Nobel Assembly for a prize from their esteemed foundation again this year, but the Swiss weren’t so shortsighted.
Adrian Leuenberger from SWITCH-CERT in Switzerland presented a last minute talk titled “Cleaning up the net 2.0 – a success story of cleaning 3,000+ websites” at this year’s Virus Bulletin conference in Dallas, Texas.
SWITCH-CERT is the domain registrar for the .ch (Switzerland) and .li (Liechtenstein) top-level domains (TLDs) and recently gained the authority to try to notify and help clean websites within these TLDs.
Adrian shared his processes and procedures for detecting, notifying and remediating affected web sites and talked about how they were able to clean more than 1,000 malicious sites between January and July of 2012.
SWITCH worked together with OFCOM, the Swiss Federal Office of Communications, to implement a process where they are allowed to take domains offline for sites spreading malicious content or hosting phishing sites until they are clean.
Adrian made a plea to the Virus Bulletin audience with a promise… He would send a 4.5 kg (9.92 lb), 80 cm (2.5 ft) long Toblerone chocolate bar to the research lab that could submit the largest list of infected .ch and .li domains.
One of our Vancouver researchers, Onur Komili, heard about the contest from a colleague and being a sucker for chocolate mined our databases for information to provide to SWITCH-CERT.
In the end, we won! To quote Adrian “I can happily announce that Sophos delivered by far the largest list of potentially malicious URLs.”
The picture at the top of this post is Tareq Alkhatib enjoying the spoils, while below you can see Onur pondering the how to go about opening a 4.5 kg chocolate bar.
I would like to say congratulations to SophosLabs!
We are proud to help the Swiss make their domain space a little bit safer and hope their experiment can be a model for cleaning up the web in other countries.
Thank you to Andrew Ludgate in SophosLabs Vancouver for sharing the photos.