Update December 10th: SWITCH has asked if I could link to their press release from a couple of weeks ago.
Just one note on that: In the Wikileaks.ch press statement, SWITCH states that “a domain name is not the same as a website” and that SWITCH is not responsible for the content of any .ch or .li domains. Funny, with the action against malware, they are clearly ignoring this fact and they act based solely on the content of a website. Just my 2 cents…
The Swiss Domain Name registry SWITCH is allowed by law to remove/block access to malicious domains. I won’t discuss whether this makes sense or not… But today, thanks to Roman of abuse.ch, I have found a new list by the Internet Storm Center. That list contains malicious or suspicious websites and domains. No fewer than 11 of those domains are .ch domains.
- all-switzerland.ch (126.96.36.199)
- alpine-balloon-challenge.ch (188.8.131.52)
- artsimone.ch (184.108.40.206)
- feuerwehr-zermatt.ch (220.127.116.11)
- fivestar.ch (18.104.22.168)
- jaquemet-zehnder.ch (22.214.171.124)
- jes.ch (126.96.36.199)
- jugendfeuerwehr-zermatt.ch (255.255.255.255, VERY strange)
- mg-bern.ch (188.8.131.52)
- tamiljugend.ch (184.108.40.206)
- ushan.ch (not registered)
What I have discovered is that the websites are hosted with different providers. Therefore this does not seem to be a compromised server or anything.
The question that remains is whether SWITCH (or nic.ch) will block those domains and, if so, what the owners of those domain names can do against it.
Please keep in mind, these domains are only being suspected of hosting and distributing malicious content! But it is recommended to not visit any of these hosts!