"Chain of Trust" initiative launched to fight malware
The Anti-Spyware Coalition (ASC), National Cyber Security Alliance (NCSA), and StopBadware.org announced their collaboration, known as the Chain of Trust Initiative, Tuesday at the ASC workshop in Washington.
The goal of the partnership is to map the threats by identifying attack vectors and appropriate solutions, Ari Schwartz, ASC coordinator and vice president of the Center for Democracy and Technology (CDT), a nonprofit public interest group, told SCMagazineUS.com Tuesday. The effort has involved security companies, independent researchers, webmasters, registrars, hosting companies, network providers, and enforcement agencies, the organizations said in a news release.
Michael Kaiser, executive director of the National Cyber Security Alliance, told SCMagazineUS.com Tuesday one of the main goals is to take a look at the whole internet and create a comprehensive map of where the strengths are -- where people are more secure -- and where the weaknesses are and disseminate this information to the public.
At the ASC workshop Tuesday, attendees discussed who owns the problem of malware on the web and what the roles and expecations are of the involved parties. Participants also took a look at how partnerships can be better fostered and information more effectively shared.
“One thing that's come up repeatedly is a lack of clear standards and expectations, and inability for one party to feel comfortable being protected legally if they make a determination on something and take action on it unilaterally,” Maxim Weinstein, Stopbadware.org Manager told SCMagazineUS.com Tuesday.
Members of the initiative will apply approaches similar to those used by the ASC to help bring adware under control -- creating risk models, definitions and best practices documents for dealing with web malware.
Schwartz said that during the past three years, the ASC has been instrumental in bringing down four major harmful adware purveyors, including Zango, which closed its doors last month.
“We came up with objective criteria to drive companies engaging in nuisance and harmful adware to make decisions on whether they would be pro-consumer or go underground,” Schwartz said. “We think we can do the same thing in other spaces as well.”
Meanwhile, the "Chain of Trust" will start to tackle other problems. One of its first areas of focus will be looking at ways to crack down on problematic web-hosting firms, Schwartz said.
So-called “bulletproof” hosting providers often do not care whether websites are engaging in malicious activities, Schwartz said. He added that people have been “disturbed” by this problem but have often been reluctant to target these groups in the past, thinking it is law enforcement's job. But Schwartz raised the issue of whether more might be done in the academic and research community to stop this problem.
“We've known it's a big problem but it became clearer after McColo came down and we saw a noticeable drop in spam,” Schwartz said.
Tuesday's meeting in Washington is the first step of the collaboration, he said. Ideas from the event will be compiled and the next meeting is scheduled for the fall.
In addition, the ASC will establish an area on its website for those interested in the cause to submit ideas and suggestions, Schwartz said.