Datanet Security announced series of new features in Version 6.2 of Bad IP-ID Block List

By | August 10, 2006

The Datanet Security group announced today that their Bad IP-ID Block List product and service has a new series of integrated features in its version 6.2. The list – a dynamic base archive with daily updates of IP addresses sending malicious and undesirable electronic mail messages – now also includes hijacked and dormant network blocks, phishing IP´s, spyware IP´s and zombies.

The service focuses traditionally also on IP´s sending email containing viruses, Trojans, hackers and unsolicited commercial messages (spam). By deploying an international honeynet, collecting and sampling received messages, the format, content, and origin are dissected, and the malicious senders identified.

“Our service includes the most up to date collection of Bad IP´s. It´s continuously collected, compared, filtered, ranked for activity and region, and daily dispatched to our customers,” says Victoria de Piro, Executive Director with the Datanet Security Group responsible for the Bad IP-ID Block List. “Spyware, the annoying hidden programs that relay sensitive and private information about users to other external entities, are a grave danger for the international network community. Phishing, the trick where criminals encourage recipients to update their user information on well known websites from banks, EBay, PayPal, etc. while the provided hot-links actually end up with those criminals, is aggressively on the rise as well”, says Victoria. “Without the user´s knowledge names, addresses, credit card numbers, social security numbers, passwords and other vital personal and sensitive corporate information is slipping out to the dark side of society”, she adds.

“We hear almost weekly of new giant breaches and infringements in almost all Internet savvy nations. Industry anticipates by providing trustworthy filtering software and innovative hardware solutions. But each have, as the Internet numbering, their limitations on capacity, physical, time and organizational constraints. Software and hardware simply runs better, more economical and faster, if a pre-configured filter is installed with the most prominent bad IP addresses. The program or machine doesn´t have to decide if it´s a bad address; we did that already. The Bad IP-ID Block List is just a very resource friendly addition,” joins Mary Snow, Datanet Security Group´s Vice-President Internet Crime Intelligence. “Tens of millions of users look at millions of different web sites. Billions of email messages traverse daily over the Internet; from anywhere to anywhere, from company to enterprise and enterprise to government. The opportunities for criminals are attractive, abundant and have a great degree of desirable anonymity. That translates in tens of thousands of serious attempts per day, and unfortunately, the majority of those attempts are with a serious grade of success”. Mary Snow: “Some of the most notorious criminals go even further. They hijack complete net blocks to assure themselves of adequate instant connectivity and flexibility in fast and automated number switching, locking on to – sometimes unaware and innocent – zombie machines, like stand-by equipment at universities”.

The Bad IP-ID Block List is a pre-filtered, pre-conditioned and optimized collection of always the last 365 previous days of bad activity, covering the entire IP net range, Worldwide. The users are diversified; government entities, private and public companies as well as organizations and non-profits. Many Fortune-1000 enterprises have it as a standard pre-configured blacklist for their large corporate networks. Some deploy the list in compacted format within their ingress routing structure as an access control list (ACL). Others have it installed in their professional intrusion prevention and firewall systems. Subscription to the list is annual, based on a strict qualification process, and only available to businesses and organizations. For more information consult the website at http://www.firewalls.net/.

Leave a Reply