Malware Detection for SMS/MMS Based Attacks

US 20120151588A1
Filed: 12/09/2010
Published: 06/14/2012
Est. Priority Date: 12/09/2010
Status: Active Grant

First Claim

Patent Images

1. A mobile device for detecting message-based malware on a network, the mobile device comprising:

a processor;

a transceiver in communication with the processor to enable communication with the network;

a memory in communication with the processor;

a plurality of contacts stored on the memory;

a lightweight agent stored in the plurality of contacts; and

a malware on the memory;

wherein the malware, in an attempt to spread to a target mobile device by sending a message to a selected contact within the plurality of contacts, selects the lightweight agent; and

wherein the lightweight agent is hidden to a user of the mobile device but indistinguishable from the plurality of contacts by the malware.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods are disclosed which utilize lightweight agents on a mobile device to detect message-based attacks. In exemplary configurations, the lightweight agents are included as contacts on the mobile device addressed to an agent server on a network. A malware onboard the mobile device, intending to propagate, unknowingly addresses the lightweight agents, sending messages to the agent server. The agent server analyzes the messages received from the mobile device of the deployed lightweight agents. The agent server then generates attack signatures for the malware. Using malware propagation models, the system estimates how many active mobile devices are infected as well as the total number of infected mobile devices in the network. By understanding the malware propagation, the service provider can decide how to deploy a mitigation plan on crucial locations. In further configurations, the mechanism may be used to detect message and email attacks on other devices.

32 Citations

View as Search Results

20 Claims

1. A mobile device for detecting message-based malware on a network, the mobile device comprising:
- a processor;
  
  a transceiver in communication with the processor to enable communication with the network;
  
  a memory in communication with the processor;
  
  a plurality of contacts stored on the memory;
  
  a lightweight agent stored in the plurality of contacts; and
  
  a malware on the memory;
  
  wherein the malware, in an attempt to spread to a target mobile device by sending a message to a selected contact within the plurality of contacts, selects the lightweight agent; and
  
  wherein the lightweight agent is hidden to a user of the mobile device but indistinguishable from the plurality of contacts by the malware.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The mobile device of claim 1, wherein the network is a cellular network and the transceiver is a cellular transceiver.
  - 3. The mobile device of claim 1, further comprising a lightweight agent logic on the memory which adds the lightweight agent to the plurality of contacts.
  - 4. The mobile device of claim 1, wherein the lightweight agent is an address of an agent server.
  - 5. The mobile device of claim 4, wherein the agent server receives a message from the mobile device and alerts a service provider.
  - 6. The mobile device of claim 1, wherein the message is one of a short message service (SMS) message and a multimedia messaging service (MMS) message.

7. A system for detecting messaging-based malware, the system comprising:
- a cellular network;
  
  a source mobile device in communication with the cellular network, the source mobile device containing a malware and a contact list including a lightweight agent; and
  
  an agent server on the cellular network, the agent server containing an agent logic;
  
  wherein the malware cannot distinguish between contacts on the contact list and the lightweight agent, the lightweight agent being an address of the agent server; and
  
  wherein the malware selects the lightweight agent and sends a message to the agent server, the agent server receiving the message.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the lightweight agent is hidden from a user of the source mobile device.
  - 9. The system of claim 7, wherein the agent server alerts a service provider.
  - 10. The system of claim 7, wherein the agent server determines a signature of the message.
  - 11. The system of claim 10, wherein the agent server compares the signature of the message with previous signatures.
  - 12. The system of claim 7, wherein the agent server determines a source of the malware.
  - 13. The system of claim 7, wherein the message is one of a short message service (SMS) message and a multimedia messaging service (MMS) message.

14. A method of detecting messaging-based malware in a network, the method comprising:
- receiving a message at an agent server from a source mobile device, the source mobile device containing a malware;
  
  determining a signature of the malware from the message;
  
  determining a current state of propagation of the malware; and
  
  predicting a malware propagation trend for the future;
  
  wherein the malware selects a lightweight agent from within contacts of the source mobile device, the lightweight agent being the address of the agent server;
  
  wherein the malware sends the message to the agent server via the mobile device; and
  
  wherein the malware signature is determined and captured within a short period of time after a malware outbreak.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, further comprising comparing the signature to a previous signature of a previously received message.
  - 16. The method of claim 14, further comprising alerting a service provider of the receiving of the message.
  - 17. The method of claim 16, further comprising alerting the service provider of the state of propagation of the malware.
  - 18. The method of claim 14, further comprising determining a source of the malware.
  - 19. The method of claim 14, further comprising storing the signature of the malware.
  - 20. The method of claim 14, wherein the lightweight agent is hidden from a user of the source mobile device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Wang, Wei, Xu, Gang

Granted Patent

US 9,064,112 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/56   Computer malware detection ...

G06F 2221/2123   Dummy operation

H04L 51/212   using filtering or selectiv...

H04L 51/58   Message adaptation for wire...

H04L 63/1491   using deception as counterm...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

Malware Detection for SMS/MMS Based Attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Malware Detection for SMS/MMS Based Attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links