Devices, Systems, and Methods for Detecting Proximity-Based Mobile Malware Propagation

US 20120151587A1
Filed: 12/08/2010
Published: 06/14/2012
Est. Priority Date: 12/08/2010
Status: Active Grant

First Claim

Patent Images

1. A mobile communication device comprising:

a processor;

a memory in communication with the processor;

a transceiver in communication with the processor;

a malware on the memory; and

an agent logic on the memory fordiscovering a plurality of devices in a proximity,compiling a list of discovered devices in the proximity,inserting a trigger into the list of discovered devices,receiving a request to connect to the trigger from the malware, andreporting a malware activity to an agent server on a network;

wherein the trigger appears to the malware to be one of the plurality of discovered devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods are disclosed which leverage an agent that resides in a mobile communication device to detect Proximity based Mobile Malware Propagation (PMMP). The agent injects one or several trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices. However, the triggers connect to an agent server on a service provider'"'"'s network. Essentially, the method is based on the assumption that malware lacks the intelligence to differentiate the trigger network connection from a normal one. Therefore, by attempting to connect through the trigger network connection, the malware reveals itself. The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, and such attacks typically bypass network based security inspection in the network.

Citations

20 Claims

1. A mobile communication device comprising:
- a processor;
  
  a memory in communication with the processor;
  
  a transceiver in communication with the processor;
  
  a malware on the memory; and
  
  an agent logic on the memory fordiscovering a plurality of devices in a proximity,compiling a list of discovered devices in the proximity,inserting a trigger into the list of discovered devices,receiving a request to connect to the trigger from the malware, andreporting a malware activity to an agent server on a network;
  
  wherein the trigger appears to the malware to be one of the plurality of discovered devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The device in claim 1, wherein the transceiver is at least one of WiFi, BLUETOOTH, infrared (IR), and cellular radio frequency (RF).
  - 3. The device in claim 1, wherein the trigger is presented to the user as an unusual device.
  - 4. The device in claim 1, wherein the trigger is hidden from the user.
  - 5. The device in claim 1, wherein the malware includes a signature.
  - 6. The device in claim 5, wherein the reporting includes sending the signature to the agent server.
  - 7. The device in claim 1, wherein the agent logic is further for receiving a request to discover a plurality of devices in the proximity from the malware.
  - 8. The device in claim 1, wherein the agent logic is further for receiving responses from the plurality of devices.
  - 9. The device in claim 1, wherein the reporting includes sending the connection request to the agent server.

10. A system for tracking proximity-based mobile malware propagation, the system comprising:
- a network;
  
  a mobile communication device in communication with the network;
  
  an agent server in communication with the network;
  
  a malware on the mobile communication device; and
  
  an agent logic on the mobile communication device fordiscovering a plurality of devices in a proximity,compiling a list of discovered devices in the proximity,inserting a trigger into the list of discovered devices,receiving a request to connect to the trigger, andreporting a malware activity to the agent server;
  
  wherein the trigger appears to the malware to be one of the plurality of discovered devices.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system in claim 10, wherein the plurality of devices include at least one of a second mobile communication device, a wireless access point, and an onboard resource.
  - 12. The system in claim 10, wherein the agent logic is further for receiving a request to discover a plurality of devices in the proximity from the malware.
  - 13. The system in claim 10, wherein the agent logic is further for receiving responses from the plurality of devices.
  - 14. The system in claim 10, wherein the agent logic is further for hiding the trigger from a user.
  - 15. The system in claim 10, wherein the reporting includes sending the connection request to the agent server.

16. A method for tracking proximity-based mobile malware propagation, the method comprising:
- discovering a plurality of devices in a proximity;
  
  compiling a list of discovered devices in the proximity;
  
  inserting a trigger into the list of discovered devices;
  
  receiving a request to connect to the trigger; and
  
  reporting a malware activity to an agent server on a network;
  
  wherein the trigger appears to a malware to be one of the plurality of discovered devices.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method in claim 16, further comprising receiving a request to discover a plurality of devices in the proximity from the malware.
  - 18. The method in claim 16, further comprising receiving responses from the plurality of devices.
  - 19. The method in claim 16, further comprising hiding the trigger from a user.
  - 20. The method in claim 16, wherein the reporting includes sending the connection request to the agent server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
de los Reyes, Gustavo, Wang, Wei, Xu, Gang

Granted Patent

US 8,763,126 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/564   by virus signature recognition

G06F 2221/034   Test or assess a computer o...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Devices, Systems, and Methods for Detecting Proximity-Based Mobile Malware Propagation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Devices, Systems, and Methods for Detecting Proximity-Based Mobile Malware Propagation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links