SYSTEM AND METHOD OF MALWARE SAMPLE COLLECTION ON MOBILE NETWORKS

US 20080086776A1
Filed: 10/09/2007
Published: 04/10/2008
Est. Priority Date: 10/06/2006
Status: Active Grant

First Claim

Patent Images

1. A collection agent, comprising:

a first network interface operably adapted for receiving a network data sample;

a protocol handler operably adapted to receive said network data sample from said first network interface and extract an executable code from said network data sample; and

a second network interface operably adapted for receiving said executable code from said protocol handler and for sending said executable code to a sample collection center.

View all claims

15 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A collection agent monitors a mobile network for data samples containing executable code. The collection agent accepts executables and forwards them to a sample collection center for further analysis, reporting, or in some instances initiating one or more mitigating actions. Depending on the network protocol being monitored, the collection agent responds to connection attempts from nearby mobile devices.

Citations

20 Claims

1. A collection agent, comprising:
- a first network interface operably adapted for receiving a network data sample;
  
  a protocol handler operably adapted to receive said network data sample from said first network interface and extract an executable code from said network data sample; and
  
  a second network interface operably adapted for receiving said executable code from said protocol handler and for sending said executable code to a sample collection center.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The collection agent of claim 1, wherein said first network interface and said second network interface are the same physical interface.
  - 3. The collection agent of claim 1, wherein said protocol handler is operably adapted to verify said executable code as being executable on a mobile platform prior to sending said executable code to said sample collection center.
  - 4. The collection agent of claim 1, wherein said protocol handler is operably adapted to scan said executable code, to detect if said executable code contains a malware, and to provide an indication of said malware in said executable code to said sample collection center.
  - 5. The collection agent of claim 1, wherein said first interface is selected from the group consisting of:
    - a wireless interface, a Bluetooth wireless interface, a WiFi wireless interface, an IEEE 802.x wireless interface, a data networking interface, a TCP/IP capable data networking interface, and an Internet capable data networking interface, and wherein said second interface is selected from the group consisting of;
      
      a wireless interface, a WiFi wireless interface, an IEEE 802.x wireless interface, a data networking interface, a TCP/IP capable data networking interface, an Internet capable data networking interface, a telephony interface, a plain old telephone interface, an ISDN interface, an xDSL interface, and a fiber interface.
  - 6. The collection agent of claim 1, wherein the collection agent is a mobile device.

7. A method of detecting malware for use in a mobile environment, said method comprising:
- monitoring a protocol for a sample containing executable code;
  
  accepting said executable code;
  
  verifying said executable code is executable on a mobile platform; and
  
  sending said executable code to a sample collection center.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein said protocol is selected from the group consisting of:
    - Bluetooth, WiFi, IEEE 802.x, and TCP/IP.
  - 9. The method of claim 7, wherein said protocol is selected from a group consisting of:
    - Bluetooth, WiFi, and 802.x, and said accepting said executable code further comprises;
      
      receiving a broadcast connection message;
      
      sending a connection response message; and
      
      receiving said executable code.
  - 10. The method of claim 7, further comprising:
    - scanning said executable code for a malware; and
      
      sending an indication to said sample collection center when said malware is detected in said executable code.
  - 11. The method of claim 10, further comprising:
    - blocking further transmission of said executable code containing said malware.
  - 12. The method of claim 10, further comprising:
    - alerting a mobile device that said executable code contains said malware.
  - 13. The method of claim 10, further comprising:
    - preventing said executable code containing said malware from being executed on a mobile device.

14. A wireless sample collection system, comprising:
- means for monitoring a wireless network protocol for a sample containing executable code;
  
  means for accepting said executable code; and
  
  means for reporting said executable code to a network management system.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The wireless sample collection system of claim 14, further comprising:
    - means for verifying said executable code is executable on a mobile platform prior to reporting said executable code.
  - 16. The wireless sample collection system of claim 14, wherein said means for accepting further comprises:
    - means for receiving a broadcast connection message; and
      
      means for sending a connection response message.
  - 17. The wireless sample collection system of claim 14, further comprising:
    - means for scanning said executable code to detect when said executable code contains a malware; and
      
      means for reporting that said executable code contains said malware when said means for scanning detects said malware.
  - 18. The wireless sample collection system of claim 17, further comprising:
    - means for blocking further transmission of said executable code containing said malware.
  - 19. The wireless sample collection system of claim 17, further comprising:
    - means for preventing said executable code containing said malware from being executed on a mobile device.
  - 20. The wireless sample collection system of claim 17, further comprising:
    - means for alerting a mobile device that said executable code contains said malware.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Inventors
Venugopal, Deepack, Hu, Guoning, Tuvell, George

Granted Patent

US 8,881,283 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/564   by virus signature recognition

H04L 63/145   the attack involving the pr...

H04L 63/1491   using deception as counterm...

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

SYSTEM AND METHOD OF MALWARE SAMPLE COLLECTION ON MOBILE NETWORKS

First Claim

15 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD OF MALWARE SAMPLE COLLECTION ON MOBILE NETWORKS

First Claim

15 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links