The IEEE launched has launched a new service designed to help the security industry respond more efficiently to the modern malware threat landscape.
Announced this week, the new IEEE Anti-Malware Support Service (AMSS), is an initiative of the IEEE Standards Association’s (IEEE-SA) Industry Connections Security Group (ICSG) and brings together computer security vendors and other stakeholders in an effort to develop and provide new cryptographic and metadata tools and resources.
For the time being, the AMSS includes two services ̶the Taggant System and the Clean file Metadata eXchange (CMX), both of which are available based on an annual subscription.
IEEE also said that it plans on providing additional services in the future.
The Taggant System is designed to prevent malware creators from abusing legitimate commercial software distribution packaging programs, also know as packers, for developing malware variants that are difficult to detect. The new IEEE service uses cryptographically secure markers, which it places in files generated by packers, in an effort to determine which user license key has been utilized to create packed software. License keys that are used to created packed malware are blacklisted and all the files created with these keys are flagged as suspicious in the system, IEEE explained.
The Tagganat System can be used by software packer vendors (SPVs), the organizations that create commercial packing and obfuscation programs, and software security vendors (SSVs), which provide security solutions and compare license keys to ones that have been blacklisted. SSVs require licensing for the use of the Taggant System IEEE Public Root Key and access to the blacklist, which costs $8,000 per year. SPVs must only pay for the packer user certificates, which cost $0.33 per certificate.
“Software packer and obfuscator companies often feel abused by malware authors,” said Mark Kennedy, chairman of the IEEE-SA ICSG, and distinguished engineer at Symantec. “By working collaboratively, the security industry can apply economic pressure to the malware industry that couldn’t be achieved independently. A product of this collaboration, AMSS provides a robust set of shared support services that will help mitigate the spread and effects of rapidly mutating malware threats.”
According to the IEEE, CMX was created in an effort to reduce the number of false positives detected by security solutions and the delay between the discovery of a threat and the updating of whitelists. The system accomplishes this by providing real-time access to a shared repository of information about clean files based on hashes, directory paths, filenames, signatures, version information and other metadata submitted by software developers.
The organizations that provide the metadata for their publicly released software and for internal corporate applications are called “providers” and they don’t have to pay a fee for access to CMX. However, they can contribute only if they have an invitation or a Class 3 Digital Code Signing Certificate. “Consumers,” those that use the metadata submitted by the “providers,” must pay an annual fee of $8,000 for access to CMX. It’s worth noting that organizations that pay the annual fee get access to both CMX and the Taggant System.
“The global malware problem continues to escalate in terms of size, complexity, and frequency of attacks,” commented Dr. Igor Muttik, vice chair of the IEEE-SA ICSG, and senior architect at McAfee. “Malware creators are also becoming increasingly sophisticated in the art of evasion, allowing 0-day and targeted attacks to slip by undetected. To help counter these threats, AMSS gives software providers efficient and cost-effective tools, enabling them to reallocate their valuable resources to other business activities.”
