Devices, systems, and methods for detecting proximity-based mobile malware propagation

US 10,104,118 B2
Filed: 01/23/2017
Issued: 10/16/2018
Est. Priority Date: 12/08/2010
Status: Active Grant

First Claim

Patent Images

1. A device comprising:

a processor; and

logic that, when executed by the processor, causes the processor to perform operations comprisingreceiving, from a mobile communications device that executes an agent logic, a malware signature associated with a malware that uses proximity-based malware propagation, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, and wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods are disclosed. An agent resides in a mobile communication device. The agent detects Proximity-based Mobile Malware Propagation. The agent injects one or more trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices, but instead trigger connection to an agent server on a service provider'"'"'s network. By attempting to connect through the trigger network connection, the malware reveals itself. The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, though such attacks typically bypass network based security inspection in the network.

34 Citations

View as Search Results

20 Claims

1. A device comprising:
- a processor; and
  
  logic that, when executed by the processor, causes the processor to perform operations comprisingreceiving, from a mobile communications device that executes an agent logic, a malware signature associated with a malware that uses proximity-based malware propagation, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, and wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The device of claim 1, wherein the malware signature is received via a communications network.
  - 3. The device of claim 1, wherein the agent logic is configured to insert the trigger network connection into the list of discovered devices in response to detecting a broadcast of a discover signal by the mobile communications device.
  - 4. The device of claim 1, wherein the plurality of devices are agents that provide the malware signatures.
  - 5. The device of claim 4, wherein the mobile communications device and another device of the plurality of devices are associated with different locations.
  - 6. The device of claim 1, wherein the logic, when executed by the processor, causes the processor to perform operations further comprising:
    - obtaining, from a further mobile communications device, a further malware signature, wherein the malware signature and the further malware signature are collected to detect new malware signatures for malware that uses proximity-based propagation.

7. A system comprising:
- a server comprising a processor and logic that, when executed by the processor, causes the server to perform operations comprisingreceiving, from a mobile communications device that executes an agent logic, a malware signature associated with a malware that uses proximity-based malware propagation, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, and wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures to the server.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, further comprising a communications network, wherein the malware signature is received via the communications network.
  - 9. The system of claim 7, wherein the agent logic is configured to detect a broadcast of a discover signal by the mobile communications device and, in response to detecting the broadcast discover signal, insert the trigger network connection into the list of discovered devices.
  - 10. The system of claim 7, wherein the plurality of devices are agents that provide the malware signatures.
  - 11. The system of claim 10, wherein the mobile communications device and another device of the plurality of devices are associated with different locations.
  - 12. The system of claim 7, wherein the logic, when executed by the processor, causes the server to perform operations further comprising:
    - obtaining, from a further mobile communications device, a further malware signature, wherein the malware signature and the further malware signature are collected to detect new malware signatures for malware that uses proximity-based propagation.
  - 13. The system of claim 7, wherein the server comprises an agent server, and wherein the agent server is communicated with by the mobile communications device in response to the agent logic detecting the request to connect to the trigger network connection.

14. A method comprising:
- receiving, at a server that comprises a processor, a malware signature associated with a malware that uses proximity-based malware propagation, wherein the malware signature is received from a mobile communications device that executes an agent logic, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures to the server.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising:
    - obtaining, from a further mobile communications device, a further malware signature.
  - 16. The method of claim 15, wherein the malware signature and the further malware signature are collected to detect new malware signatures for malware that uses proximity-based propagation.
  - 17. The method of claim 14, wherein the malware signature is received via a communications network.
  - 18. The method of claim 14, wherein the agent logic is configured to detect a broadcast of a discover signal by the mobile communications device and, in response to detecting the broadcast discover signal, insert the trigger network connection into the list of discovered devices.
  - 19. The method of claim 14, wherein the plurality of devices are recruited as agents to provide the malware signatures.
  - 20. The method of claim 19, wherein the mobile communications device and another device of the plurality of devices are associated with different locations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Wang, Wei, Xu, Gang, de los Reyes, Gustavo
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US15/412,275
Publication Number

US 20170134398A1
Time in Patent Office

631 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/564   by virus signature recognition

G06F 2221/034   Test or assess a computer o...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Devices, systems, and methods for detecting proximity-based mobile malware propagation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Devices, systems, and methods for detecting proximity-based mobile malware propagation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links