Malware Detection for SMS/MMS Based Attacks
Abstract
Devices, systems, and methods are disclosed which utilize lightweight agents on a mobile device to detect message-based attacks. In exemplary configurations, the lightweight agents are included as contacts on the mobile device addressed to an agent server on a network. A malware onboard the mobile device, intending to propagate, unknowingly addresses the lightweight agents, sending messages to the agent server. The agent server analyzes the messages received from the mobile device of the deployed lightweight agents. The agent server then generates attack signatures for the malware. Using malware propagation models, the system estimates how many active mobile devices are infected as well as the total number of infected mobile devices in the network. By understanding the malware propagation, the service provider can decide how to deploy a mitigation plan on crucial locations. In further configurations, the mechanism may be used to detect message and email attacks on other devices.
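The agent-server flow the abstract describes, as an added example (not code from the patent): messages that reach a decoy contact address are grouped by a content hash, and the number of reporting devices is scaled up by the decoy deployment fraction. The addresses, the hash-based signature and the linear scaling are assumptions standing in for the signature generation and propagation models, which this page does not specify.

```python
import hashlib
import re
from collections import defaultdict

# Constructed decoy addresses: contacts planted in subscribers' contact lists
# that actually route to the agent server (hypothetical values).
AGENT_ADDRESSES = {"+15550100001", "+15550100002"}

def signature(body: str) -> str:
    """Hash the message after removing per-recipient variation."""
    text = re.sub(r"(https?://[^/\s]+)\S*", r"\1", body.lower())  # keep host only
    text = " ".join(text.split())  # collapse whitespace
    return hashlib.sha256(text.encode()).hexdigest()[:16]

def analyze(messages, deployed_fraction):
    """Group decoy hits by signature and scale up to a network estimate.

    messages: iterable of (sender, recipient, body) tuples.
    deployed_fraction: share of subscribers carrying a decoy (assumed uniform).
    """
    senders = defaultdict(set)
    for sender, recipient, body in messages:
        if recipient not in AGENT_ADDRESSES:
            continue  # only messages addressed to a decoy are analyzed
        # The decoy is hidden from the user, so any hit is automated sending.
        senders[signature(body)].add(sender)
    return {
        sig: {"reporting": len(devs),
              "estimated_infected": round(len(devs) / deployed_fraction)}
        for sig, devs in senders.items()
    }

# Constructed sample traffic: two infected devices and one ordinary message.
SAMPLE = [
    ("+15550001111", "+15550100001", "Free game! http://lure.example/a?id=1"),
    ("+15550002222", "+15550100002", "free game!  http://lure.example/a?id=2"),
    ("+15550001111", "+15550100001", "Free game! http://lure.example/a?id=3"),
    ("+15550003333", "+15550009999", "See you at 6?"),
]

if __name__ == "__main__":
    for sig, stats in analyze(SAMPLE, deployed_fraction=0.01).items():
        print(sig, stats)
```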
20 Claims
1. A mobile device for detecting message-based malware on a network, the mobile device comprising:
a processor;
a transceiver in communication with the processor to enable communication with the network;
a memory in communication with the processor;
a plurality of contacts stored on the memory;
a lightweight agent stored in the plurality of contacts; and
a malware on the memory;
wherein the malware, in an attempt to spread to a target mobile device by sending a message to a selected contact within the plurality of contacts, selects the lightweight agent; and
wherein the lightweight agent is hidden to a user of the mobile device but indistinguishable from the plurality of contacts by the malware.
(Dependent claims: 2, 3, 4, 5, 6)

7. A system for detecting messaging-based malware, the system comprising:
a cellular network;
a source mobile device in communication with the cellular network, the source mobile device containing a malware and a contact list including a lightweight agent; and
an agent server on the cellular network, the agent server containing an agent logic;
wherein the malware cannot distinguish between contacts on the contact list and the lightweight agent, the lightweight agent being an address of the agent server; and
wherein the malware selects the lightweight agent and sends a message to the agent server, the agent server receiving the message.
(Dependent claims: 8, 9, 10, 11, 12, 13)

14. A method of detecting messaging-based malware in a network, the method comprising:
receiving a message at an agent server from a source mobile device, the source mobile device containing a malware;
determining a signature of the malware from the message;
determining a current state of propagation of the malware; and
predicting a malware propagation trend for the future;
wherein the malware selects a lightweight agent from within contacts of the source mobile device, the lightweight agent being the address of the agent server;
wherein the malware sends the message to the agent server via the mobile device; and
wherein the malware signature is determined and captured within a short period of time after a malware outbreak.
(Dependent claims: 15, 16, 17, 18, 19, 20)
Specification