IEEE to create anti-malware “packer” validation system

Tracing system may reduce antivirus false-positives.
Liam Tung (CSO Online), 04 August, 2011 09:55

Standards body the IEEE has called for proposals to build a catalogue of people using binary “packers”, the software tools often used by malware writers to hide executable files from antivirus products.

The IEEE’s newly launched Software Taggant System borrows the idea of traceability from the explosives industry. It will aim to create a “marker” on the output of all certified packers in order to verify which license was used to create an executable file.

“The taggant concept and term are adopted from explosives, in which a chemical marker is added to allow tracing after an explosion,” explained Mark Kennedy, a Symantec Security Technology and Response group engineer.

However, to get the system up and running, the IEEE needs contributors to build software libraries for it, which would identify users of software packers and then be used to blacklist misused license keys. The outcome would be to allow antivirus vendors to focus attention on non-compliant packers.
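As an added illustration of the idea described above (a toy model written for this page, not the IEEE's taggant format or any contributed library), the following Python sketches the two halves of such a system: a packer attaches a marker that binds a license ID to a hash of the packed output, and an antivirus-side verifier checks the marker, detects tampering, and consults a blacklist of misused licenses. The trailer layout, the `LICENSE_KEYS` registry, the `BLACKLIST` set and the use of an HMAC with a per-license secret are all assumptions made here; a real deployment would use public-key signatures so that verifiers never hold the packer's signing secret.

```python
"""Toy model of a packer 'taggant': constructed for illustration only."""
import hashlib
import hmac
import json
import struct

# Constructed trailer marker; not the real IEEE taggant encoding.
MAGIC = b"TAGGANT1"
MAC_LEN = 32  # SHA-256 HMAC length in bytes

# Constructed license registry. In the toy model a shared secret stands in
# for the per-license signing key a real PKI-based system would certify.
LICENSE_KEYS = {
    "LIC-0001": b"secret-for-legitimate-packer-customer",
    "LIC-0002": b"secret-for-a-license-seen-in-malware",
}
# Constructed blacklist of licenses reported as misused.
BLACKLIST = {"LIC-0002"}


def attach_taggant(packed: bytes, license_id: str) -> bytes:
    """Packer side: append a marker binding license_id to the packed bytes."""
    key = LICENSE_KEYS[license_id]
    payload = json.dumps(
        {"license_id": license_id, "sha256": hashlib.sha256(packed).hexdigest()},
        sort_keys=True,
    ).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    trailer = payload + mac
    # Layout: <packed body><payload><mac><MAGIC><4-byte trailer length>
    return packed + trailer + MAGIC + struct.pack(">I", len(trailer))


def split_taggant(data: bytes):
    """Return (body, payload, mac) if a trailer is present, else None."""
    tail = 4 + len(MAGIC)
    if len(data) < tail or data[-tail:-4] != MAGIC:
        return None
    trailer_len = struct.unpack(">I", data[-4:])[0]
    end = len(data) - tail
    start = end - trailer_len
    if start < 0 or trailer_len < MAC_LEN:
        return None
    trailer = data[start:end]
    return data[:start], trailer[:-MAC_LEN], trailer[-MAC_LEN:]


def verify_taggant(data: bytes) -> str:
    """Antivirus side: classify a file by the state of its taggant.

    Verdicts: 'untagged', 'malformed', 'unknown-license', 'invalid',
    'tampered', 'blacklisted', 'valid'.
    """
    parts = split_taggant(data)
    if parts is None:
        return "untagged"
    body, payload, mac = parts
    try:
        info = json.loads(payload)
    except ValueError:
        return "malformed"
    license_id = info.get("license_id")
    key = LICENSE_KEYS.get(license_id)
    if key is None:
        return "unknown-license"
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        return "invalid"  # marker not produced under this license's key
    if hashlib.sha256(body).hexdigest() != info.get("sha256"):
        return "tampered"  # body modified after the marker was attached
    if license_id in BLACKLIST:
        return "blacklisted"
    return "valid"


if __name__ == "__main__":
    # Constructed sample "packed" bytes; not a real executable.
    sample = b"MZ-constructed-packed-output"
    print(verify_taggant(attach_taggant(sample, "LIC-0001")))
    print(verify_taggant(attach_taggant(sample, "LIC-0002")))
    print(verify_taggant(sample))
```

The verdict ordering matters for the workflow the article describes: a scanner can fast-path files whose taggant is `valid`, treat `blacklisted`, `tampered` and `invalid` results as reasons for closer inspection, and keep applying its usual heuristics to `untagged` output from non-compliant packers.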

“We think the IEEE Software Taggant System will drive malware developers away from compliant packers, which would both improve our chances of catching rogue operators and allow antivirus software to more efficiently process legitimate executable files created by packer software,” said Kennedy.

The Industry Connections Security Group (ICSG), which developed the Taggant system for the IEEE, released its request for proposals at the Black Hat Technical Security conference in Las Vegas on Wednesday.

Igor Muttik, a senior architect with McAfee, said it could solve a “big problem” that packer vendors and individual security companies had failed to solve. “Such a comprehensive solution would not have happened without ICSG,” he said.

The problem that packers present for antivirus companies is that legitimate applications use the same “code-obfuscation” techniques that malware writers do, making it difficult to tell which ones to flag. This often led to false positives, according to Michael Zunke, director of technology at SafeNet.
