Security Groups Tout Chain of Trust Initiative to Combat Malware

Three cyber-security groups said May 19 they are launching a new initiative applying many of the same approaches used to bring nuisance adware under control, a chain-of-command plan for "all organizations and individuals that play a role in securing the Internet."

Developed by the ASC (Anti-Spyware Coalition), NCSA (National Cyber Security Alliance) and StopBadware.org, "the Chain of Trust Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, [and] advocacy and education groups in a systemic effort to stem the rising tide of malware," the groups said in a news release.

"Strong security in any one organization or sector is not enough to combat an agile, fast-evolving threat like malware, which exploits security breakdowns between entities," Ari Schwartz, ASC coordinator and vice president of the Center for Democracy & Technology, said in a statement. "We all need to work together to build a system that can withstand and repel the next generation of exploits."

The group's first step will be to "map the complex, interdependent network of organizations and individuals that make up the chain" in hopes of identifying all its vulnerabilities, it said in the release. "ASC, NSCA and StopBadware.org will lead the mapping effort and jointly develop ideas and initiatives to form stronger bonds between links in the chain."

"Organization and collaboration are our best tools against an enemy that doesn't play by any rules," StopBadware.org Manager Maxim Weinstein said. "Just by [the] nature of how the Internet works, malware distributors have a technological advantage, but we can respond by strengthening our shared networks and by better understanding our shared responsibilities."

The release added, "Kaspersky [Lab] recently reported that malware distributed through social networking sites is successful 10 times more often than scams distributed via e-mail."