Zscaler IPAbuseCheck roots out compromised IP addresses

Security firm Zscaler has released a tool designed to notify administrators when web properties are being used for cyber crime.

IPAbuseCheck can identify IP addresses connected to a network that have been involved in redirecting malicious or unwanted traffic, the firm said.

The tool, which is based on the Zscaler ThreatLabz research database, runs IP addresses through a database and notifies administrators when a match has been found. The database currently contains more than 20,000 IP addresses logged from attacks observed over the past four months.

IPAbuseCheck is offered to enterprises and providers as a free service to help contain web-based threats, including search engine optimised attack pages, spam and denial-of-service attacks.

Mike Geide, a senior security researcher at Zscaler ThreatLabz and developer of the tool, told V3 that the detection of compromised systems can often vary, particularly when the infected systems are not regularly in use and overlooked by administrators.

"Unfortunately, there are many cases where a system infected or abusing the web may go unnoticed for a long while if it is not regularly used, such as a development system that was set up for a project and then forgotten about," he said.

When a compromised system is detected, Geide recommends administrators follow best practices for handling infections such as malware scans and log investigations.