The IEEE Standards Association has just launched a new Anti-Malware Support Service (AMSS) with the aim of increasing the availability of and access to stronger cryptographic and metadata cybersecurity tools and resources.
“Software packer and obfuscator companies often feel abused by malware authors,” said Mark Kennedy, chairman, IEEE-SA Industry Connections Security Group, and distinguished engineer, Symantec. “By working collaboratively, the security industry can apply economic pressure to the malware industry that couldn’t be achieved independently.”
A product of this collaboration, AMSS provides a robust set of shared support services that will help mitigate the spread and effects of rapidly mutating malware threats.”The first two AMSS services, the Clean File Metadata eXchange (CMX) and the Taggant System are available today, with additional services planned for the future.
Kennedy said CMX provides real-time information about clean files using metadata like hashes, filenames, directory paths, signatures, and version information submitted by software providers. With its pass-through model, the system authenticates the data and allows security products and services to retrieve the verified data for use in their own ecosystems.
“By providing a single, shared repository of critical information,” he said, “CMX streamlines the process of verifying clean files, reducing false positives detected by anti-virus software and the delay between threat discovery and whitelist updating.
The companion resource -Taggant System – places a cryptographically secure marker in packed and obfuscated files generated by commercial software distribution packer programs. “The system can precisely detect which user license key was used to create packed software, including packed malware,” said Kennedy, “making it easier to trace the origin of obfuscated programs. Once detected and identified, malicious license keys can be blacklisted, preventing further use.”
“The global malware problem continues to escalate in terms of size, complexity, and frequency of attacks,” said Dr. Igor Muttik, vice chair, IEEE-SA Industry Connections Security Group, and senior architect, McAfee, Inc. “Malware creators are also becoming increasingly sophisticated in the art of evasion, allowing 0-day and targeted attacks to slip by undetected.
AMSS is available on an annual subscription basis that provides access to both the CMX and Taggant systems. For more information, go to the IEEE AMSS web page.