The first two AMSS services, the Clean File Metadata eXchange (CMX) and the Taggant System are available today, with additional services planned for the future.
AMSS’ CMX provides real-time information about clean files using metadata like hashes, filenames, directory paths, signatures, and version information submitted by software providers. With its pass-through model, the system authenticates the data and allows security products and services to retrieve the verified data for use in their own ecosystems. By providing a single, shared repository of critical information, CMX streamlines the process of verifying clean files, reducing false positives detected by anti-virus software and the delay between threat discovery and whitelist updating.
The Taggant System places a cryptographically secure marker in packed and obfuscated files generated by commercial software distribution packer programs. The system can precisely detect which user license key was used to create packed software, including packed malware, making it easier to trace the origin of obfuscated programs. Once detected and identified, malicious license keys can be blacklisted, preventing further use.
“The global malware problem continues to escalate in terms of size, complexity, and frequency of attacks,” said Dr. Igor Muttik, vice chair, IEEE-SA Industry Connections Security Group, and senior architect, McAfee, Inc. “Malware creators are also becoming increasingly sophisticated in the art of evasion, allowing 0-day and targeted attacks to slip by undetected. To help counter these threats, AMSS gives software providers efficient and cost-effective tools, enabling them to reallocate their valuable resources to other business activities.”
“Software packer and obfuscator companies often feel abused by malware authors,” said Mark Kennedy, chairman, IEEE-SA Industry Connections Security Group, and distinguished engineer, Symantec. “By working collaboratively, the security industry can apply economic pressure to the malware industry that couldn’t be achieved independently. A product of this collaboration, AMSS provides a robust set of shared support services that will help mitigate the spread and effects of rapidly mutating malware threats.”
AMSS is available on an annual subscription basis that provides access to both the CMX and Taggant systems.