Technology standards organization IEEE has taken matters into its own hands to foster cooperation in the security community when it comes to common issues, like malware authors hijacking legitimate programs in the software space. It has launched the Anti-Malware Support Service (AMSS), to provide a place for collaboration on new technologies and standards-related offerings. The first two AMSS services, the Clean File Metadata eXchange (CMX) and the Taggant System have launched, with additional services planned for the future.
Part of the IEEE Standards Association's (IEEE-SA) Industry Connections Security Group (ICSG), AMSS is designed to increase the availability of and access to stronger cryptographic and metadata cybersecurity tools and resources.
“Software packer and obfuscator companies often feel abused by malware authors,” said Mark Kennedy, chairman at the IEEE-SA ICSG and an engineer at Symantec, in a statement. “By working collaboratively, the security industry can apply economic pressure to the malware industry that couldn’t be achieved independently. A product of this collaboration, AMSS provides a robust set of shared support services that will help mitigate the spread and effects of rapidly mutating malware threats.”
AMSS’ CMX provides real-time information about clean files using metadata like hashes, filenames, directory paths, signatures and version information submitted by software providers. With its pass-through model, the system authenticates the data and allows security products and services to retrieve the verified data for use in their own ecosystems. By providing a single, shared repository of critical information, CMX streamlines the process of verifying clean files, reducing false positives detected by anti-virus software and the delay between threat discovery and whitelist updating.
The Taggant System, meanwhile, places a cryptographically secure marker in packed and obfuscated files generated by commercial software distribution packer programs. The system can precisely detect which user license key was used to create packed software, including packed malware, making it easier to trace the origin of obfuscated programs. Once detected and identified, malicious license keys can be blacklisted, preventing further use.
“The global malware problem continues to escalate in terms of size, complexity, and frequency of attacks,” said Igor Muttik, vice chair at the IEEE-SA ICSG and senior architect at McAfee. “Malware creators are also becoming increasingly sophisticated in the art of evasion, allowing 0-day and targeted attacks to slip by undetected. To help counter these threats, AMSS gives software providers efficient and cost-effective tools, enabling them to reallocate their valuable resources to other business activities.”