Verisign Asks ICANN For Take-Down Powers To Deal With Malware
Posted in: Domain Names at 12/10/2011 21:18
Verisign has made a request to ICANN to have the ability to suspend .COM, .NET and .NAME domain names involved in illegal activities such as hosting malware to protect the integrity, security and stability of the DNS.
The request to ICANN came through the Registry Services Evaluation Process (RSEP) proposal Verisign lodged with ICANN this week.
To address concerns of abusive activities online, Verisign has proposed a malware scanning service that would assist registrars in identifying legitimate sites that have been infected. They have also developed an anti-abuse policy to facilitate the takedown of abusive non-legitimate sites.
The malware scanning service is a result of registrants often being unknowing victims of malware exploits. Verisign has developed the capability to help identify malware in the zones managed by Verisign which, in turn, will help registrars by identifying malicious code hidden in their domain names. It is Verisign's intention they note in their proposal to ICANN to use this capability to identify malware on the internet and present the results to the registrars for action. This will be strictly optional and informational service to our registrars to allow them to address malware hidden in websites for the domain names they are managing.
To facilitate the takedown of malicious sites, Verisign's suspension system will contain the anti-abuse policy statement and a set of suspension procedures. The anti-abuse policy is comparable to other registry agreements, and Verisign plans to work with the registrars to develop a set of common suspension procedures to address non-legitimate abusive sites that effect the security and stability of the Internet.
In preparation to implement the service, Verisign has been working with the registrar community over the last six months piloting the malware scanning service, participating in the piloting of the suspension procedures in their 'White Hat' initiative, and meetings to craft the language for the RRA updates. Verisign has also gained the support of the Anti-Phishing Working Group who has been engaged with Verisign in the interoperability pilot.
More information is available in the Verisign proposal to ICANN at www.icann.org/en/registries/rsep/verisign-com-net-name-request-10oct11-en.pdf.