ICSG Malware Working Group

Sharing best practices and procedures in the fight against malware.


The Malware Working Group's aim is to solve some of the malware-related issues the industry faces today.

The initial focus has been to establish more intelligent ways of sharing malware samples and the information associated with them in a way that makes the computer security industry more effective.

The working group is currently addressing the problem of obfuscated (packed) malware:

  • Documenting best practices for the use of packers by legitimate software developers
  • Defining various properties of packers, concentrating on properties that are often associated with malicious uses
  • Creating a registry of packers and a common set of names for packers
  • Establishing a data sharing format to share packer information
  • Developing and implementing the "Taggant system": embedding a cryptographically strong and performant hash into each packed object to recognize sources of packed files. (A "taggant" is a chemical marker added to explosives during the manufacturing process; it allows samples of explosive to be tracked back to their factory of manufacture.)
  • Once the taggant library is implemented, the working group will promote, facilitate and monitor its deployment within the industry (on both the AV side and the packer vendor side)

Working Group Participation
To participate in the Malware Working Group, the entity with which you are associated (company, organization, etc.) must become a member of ICSG.

Only entity members of the ICSG can have voting rights in the Working Group. Additionally, some individual subject experts may be invited to participate in the Working Group (without voting rights).