Devices, systems, and methods for detecting proximity-based mobile malware propagation
Abstract
Devices, systems, and methods are disclosed. An agent resides in a mobile communication device. The agent detects Proximity-based Mobile Malware Propagation. The agent injects one or more trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices, but instead trigger connection to an agent server on a service provider's network. By attempting to connect through the trigger network connection, the malware reveals itself. The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, though such attacks typically bypass network based security inspection in the network.
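The agent and server roles described in the abstract, modeled in Python as an added example (not code from the patent or its assignee). The class names, the decoy address format, the use of a SHA-256 payload hash as the "malware signature", and all sample data are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

@dataclass
class Agent:
    """Agent logic on one handset (all names here are hypothetical)."""
    device_id: str
    decoys: set = field(default_factory=set)

    def candidate_list(self, discovered):
        """Return the scan result with one trigger connection inserted."""
        # Constructed decoy address with the locally administered bit set, so it
        # does not collide with a vendor-assigned (universally administered) one.
        decoy = "02:00:00:" + ":".join(f"{b:02x}" for b in secrets.token_bytes(3))
        self.decoys.add(decoy)
        entries = list(discovered) + [decoy]
        secrets.SystemRandom().shuffle(entries)  # position must not give it away
        return entries

    def on_connect_request(self, target, requester, payload):
        """Return a report for the agent server, or None for a real device."""
        if target not in self.decoys:
            return None
        # Assumed signature format: SHA-256 of the bytes the requester tried to send.
        return {"reporter": self.device_id, "requester": requester,
                "sha256": hashlib.sha256(payload).hexdigest()}

class AgentServer:
    """Collects signatures and tracks how many distinct handsets sent each."""
    def __init__(self):
        self.reporters = {}

    def receive(self, report):
        seen = self.reporters.setdefault(report["sha256"], set())
        seen.add(report["reporter"])
        return len(seen)

def simulate_outbreak():
    """Constructed scenario: one payload is offered to every list entry on two handsets."""
    server, count = AgentServer(), 0
    for name in ("handset-A", "handset-B"):
        agent = Agent(name)
        for target in agent.candidate_list(["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"]):
            report = agent.on_connect_request(target, "pkg.unknown", b"CONSTRUCTED-SAMPLE")
            if report:
                count = server.receive(report)
    return count  # distinct handsets that reported this signature

if __name__ == "__main__":
    print(simulate_outbreak())
```

Connection requests to real discovered devices produce no report; only a request aimed at the inserted trigger entry does, which is why the server's per-signature reporter count can serve as an outbreak indicator.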
20 Claims
1. A device comprising:
a processor; and logic that, when executed by the processor, causes the processor to perform operations comprising receiving, from a mobile communications device that executes an agent logic, a malware signature associated with a malware that uses proximity-based malware propagation, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, and wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures.
Dependent claims: 2, 3, 4, 5, 6
7. A system comprising:
a server comprising a processor and logic that, when executed by the processor, causes the server to perform operations comprising receiving, from a mobile communications device that executes an agent logic, a malware signature associated with a malware that uses proximity-based malware propagation, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, and wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures to the server.
Dependent claims: 8, 9, 10, 11, 12, 13
14. A method comprising:
receiving, at a server that comprises a processor, a malware signature associated with a malware that uses proximity-based malware propagation, wherein the malware signature is received from a mobile communications device that executes an agent logic, wherein execution of the agent logic causes the mobile communications device to generate a list of discovered devices in a proximity of a transceiver of the mobile communications device, to insert a trigger network connection into the list of discovered devices, and to send the malware signature in response to detecting a request to connect to the trigger network connection, wherein the mobile communications device is one of a plurality of devices that are configured to provide malware signatures to the server.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification