Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Australia mulls botnet takedown scheme

With an estimated 100,000 zombies in Australia, the government is considering adopting code whereby ISPs would contact users if the ISP determines a user is part of a BotNet. Having already conducted a trial in 2007 with 68 Australian ISPs filters would determine who, of a respective ISPs customer base, has been infected with malware.

ISPs would be expected to contact customers to inform them of their infected computer and offer clean-up advice. In extreme cases the ISP would be able to disconnect the user.

Such “clean feed” technology is currently available but at a cost. What remains to be seen is if such a “clean feed” would help or actually hinder business.

Click here for more information.

Malware lingers months on infected PCs

A recent study of 100,000,000 infected computers found that instead a six week infection life on computers, infections can last for more than two years with a 300 day median infection life. If not removed quickly, infection tends to linger for the life of the computer.

The largest botnets are Koobface, Zeus/Zbot and Ilomo/Clampi. The Koobface botnet currently contains around 51,000 computers, with five and six command and control centers. Between March and mid-August, 2009, there were 46 control domains tied to Koobface.

Click here for more information.

SANS Report: 60% Of All Attacks Hit Web Applications, Most In The U.S.

While enterprises take twice as long to patch applications over operating systems, a study indicates that 60% of all attacks target web applications and not the OS. Most of the attacks come through SQL injection and cross-site scripting (XSS). Zero-day attacks are another popular form targeting web applications.

Click here for more information.

Chinese Schools Quietly Remove Green Dam Filter

Green Dam, the software China mandated had to be installed on all computers sold to China after July 1, has been at the center of a global controversy. While the filtering software was publicly touted as necessary for the protection of children against child porn and other less desirable aspects of the Internet the software raised a storm of global protest over potentially being used to filter out other aspects aside from child porn; thus filtering out that which contradicts with the government line. The other criticism was how buggy the code was.

When July 1 rolled around the Chinese government pulled back saying it was no longer mandatory for installation on each computer sold to and running in China. However, it was still mandatory to be installed on all school computers.

Now schools are quietly removing the filtering software because the conflicts with software currently used by the schools have negatively impacted their normal operations.

Click here for more information.

France passes harsh anti-P2P three-strikes law (again)

Having already passed a similar bill only to have it thrown out by the courts, a new version of the bill has passed the French legislature. The bill will allow the accused to go before a judge before a user is disconnected. If convicted a user could be disconnected for up to a year. Also, to prevent one from saying “someone else” used their Internet connection to illegally share copyrighted material, users will have to show they have “secured” their Internet connections. If someone else uses one’s Internet connection that has NOT been secured, the person with the unsecured Internet connection can also be punished.

Click here for more information.