Packed files are a huge problem in the software security world. Many attackers use packers to create polymorphic code to defeat anti-malware signature systems. The Software Taggant System is designed to address this. In the physical world, a taggant is a physical marker added to explosives at manufacturing so either pre or post explosion the manufacturer can be determined. In the software world the taggant will allow security vendors to determine what packer license key was used to create a given packed file. The taggant is cryptographically secure so it cannot be spoofed. When a malware author creates a malicious file and packs it the taggant is added. This way security vendors can blacklist various license keys while allowing other good files with non-blacklisted keys to run. Any attempt to spoof the system is easily identified and those files blocked. This system is the result of an unprecedented cooperation between the software security vendors and the software packer providers.
Mark Kennedy has been with Symantec for 20 years. The first 10 were in the utilities area, while the last 10 have been in anti-malware. I am also on the Board of Directors of the Anti-Malware Testing Standards Organization (AMTSO), as well as its secretary. I am also the Chairman of the IEEE Anti-Malware Working Group.
Igor Muttik (PhD) is a senior architect with McAfee Labs™. He started researching computer malware in 1980s when anti-virus industry was in its infancy. Igor holds a PhD degree in physics and mathematics from the Moscow University. He is a regular speaker at major international security conferences (RSA, DefCon and many others) and a member of CARO.