Connect with us

Hi, what are you looking for?


Data Protection

IEEE Launches Anti-Malware Support Service

The IEEE launched has launched a new service designed to help the security industry respond more efficiently to the modern malware threat landscape.

The IEEE launched has launched a new service designed to help the security industry respond more efficiently to the modern malware threat landscape.

Announced this week, the new IEEE Anti-Malware Support Service (AMSS), is an initiative of the IEEE Standards Association’s (IEEE-SA) Industry Connections Security Group (ICSG) and brings together computer security vendors and other stakeholders in an effort to develop and provide new cryptographic and metadata tools and resources.

For the time being, the AMSS includes two services ̶the Taggant System and the Clean file Metadata eXchange (CMX), both of which are available based on an annual subscription.

IEEE also said that it plans on providing additional services in the future.

The Taggant System is designed to prevent malware creators from abusing legitimate commercial software distribution packaging programs, also know as packers, for developing malware variants that are difficult to detect. The new IEEE service uses cryptographically secure markers, which it places in files generated by packers, in an effort to determine which user license key has been utilized to create packed software. License keys that are used to created packed malware are blacklisted and all the files created with these keys are flagged as suspicious in the system, IEEE explained.

The Tagganat System can be used by software packer vendors (SPVs), the organizations that create commercial packing and obfuscation programs, and software security vendors (SSVs), which provide security solutions and compare license keys to ones that have been blacklisted. SSVs require licensing for the use of the Taggant System IEEE Public Root Key and access to the blacklist, which costs $8,000 per year. SPVs must only pay for the packer user certificates, which cost $0.33 per certificate.

“Software packer and obfuscator companies often feel abused by malware authors,” said Mark Kennedy, chairman of the IEEE-SA ICSG, and distinguished engineer at Symantec. “By working collaboratively, the security industry can apply economic pressure to the malware industry that couldn’t be achieved independently. A product of this collaboration, AMSS provides a robust set of shared support services that will help mitigate the spread and effects of rapidly mutating malware threats.”

Advertisement. Scroll to continue reading.

According to the IEEE, CMX was created in an effort to reduce the number of false positives detected by security solutions and the delay between the discovery of a threat and the updating of whitelists. The system accomplishes this by providing real-time access to a shared repository of information about clean files based on hashes, directory paths, filenames, signatures, version information and other metadata submitted by software developers.

The organizations that provide the metadata for their publicly released software and for internal corporate applications are called “providers” and they don’t have to pay a fee for access to CMX. However, they can contribute only if they have an invitation or a Class 3 Digital Code Signing Certificate. “Consumers,” those that use the metadata submitted by the “providers,” must pay an annual fee of $8,000 for access to CMX. It’s worth noting that organizations that pay the annual fee get access to both CMX and the Taggant System.

“The global malware problem continues to escalate in terms of size, complexity, and frequency of attacks,” commented Dr. Igor Muttik, vice chair of the IEEE-SA ICSG, and senior architect at McAfee. “Malware creators are also becoming increasingly sophisticated in the art of evasion, allowing 0-day and targeted attacks to slip by undetected. To help counter these threats, AMSS gives software providers efficient and cost-effective tools, enabling them to reallocate their valuable resources to other business activities.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.