SHORT-RANGE MOBILE HONEYPOT FOR SAMPLING AND TRACKING THREATS
Abstract
Files received by a mobile device are sampled for malware tracking. The method includes configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting all attempts to transfer files. The method further comprises intercepting files transferred via the short-range communication technology to the mobile device from another device. The method also comprises quarantining the files transferred to the mobile device and logging identifying information about each of the files quarantined and about the other devices from which each of the files originated. The method further includes providing the logged identifying information for the files received to a security server. The method can also include, responsive to a request from the security server for more information about one of the files, providing a copy of that file to the security server for malware analysis and for updating a reputation system tracking mobile device malware.
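The quarantine, logging and reporting steps of the abstract can be sketched as follows. This is an added example, not code from the patent; the `Sampler` class and its method names are hypothetical. It assumes the short-range transport and the scan that yields `device_type` and `open_ports` are handled elsewhere and passed in as the `sender` dictionary.

```python
import hashlib, json, os, time
from pathlib import Path

class Sampler:
    """Quarantine store plus metadata log for intercepted transfers."""

    def __init__(self, quarantine_dir):
        self.dir = Path(quarantine_dir)
        self.dir.mkdir(parents=True, exist_ok=True)
        self.log = []  # records awaiting upload to the security server

    def intercept(self, filename, data, sender):
        """Quarantine one received file and log file + sender metadata."""
        digest = hashlib.sha256(data).hexdigest()
        # Store under the hash, never the sender-chosen name: this avoids
        # path traversal and de-duplicates repeated samples.
        path = self.dir / digest
        if not path.exists():
            path.write_bytes(data)
            os.chmod(path, 0o400)  # read-only, never executable
        record = {
            "sha256": digest,
            "size": len(data),
            "claimed_name": os.path.basename(filename),
            "received_at": int(time.time()),
            "device_type": sender.get("device_type"),
            "open_ports": sorted(sender.get("open_ports", [])),
        }
        self.log.append(record)
        return record

    def report(self):
        """Metadata-only payload for the security server; clears the log."""
        payload, self.log = json.dumps({"samples": self.log}), []
        return payload

    def fetch_copy(self, sha256):
        """Answer a server request for the full sample, by hash only."""
        if len(sha256) != 64 or any(c not in "0123456789abcdef" for c in sha256):
            raise ValueError("not a sha256 hex digest")
        path = self.dir / sha256
        return path.read_bytes() if path.exists() else None
```

Only metadata leaves the device in `report()`; the file body is sent only when the server asks for it by hash, which mirrors the two-stage flow the abstract describes.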
21 Claims
1. A computer-implemented method of sampling files for malware tracking on a mobile device, the computer-implemented method comprising:
receiving a sampling module deployed to the mobile device, the sampling module performing steps comprising;
configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting attempts to transfer files;
intercepting files transferred via the short-range communication technology to the mobile device from another device;
quarantining the files transferred to the mobile device;
logging identifying information about the files quarantined and about the other devices from which the files originated, wherein logging identifying information comprises actively scanning each of the other devices from which the files originated to acquire identifying information about the other devices, and the identifying information logged about each of the other devices comprises a device type and an identification of ports on the other devices that are open for sharing files; and
providing the logged identifying information for the files received to a security server for malware tracking.
Dependent claims: 2, 3, 4, 6, 21
5. (canceled)
7. (canceled)
8. A non-transitory computer-readable storage medium storing executable computer program instructions for sampling files for malware tracking on a mobile device, the computer program instructions comprising instructions for performing steps comprising:
receiving a sampling module deployed to the mobile device, the sampling module performing steps comprising;
configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting attempts to transfer files;
intercepting files transferred via the short-range communication technology to the mobile device from another device;
quarantining the files transferred to the mobile device; and
logging identifying information about the files quarantined and about the other devices from which the files originated, wherein logging identifying information comprises actively scanning each of the other devices from which the files originated to acquire identifying information about the other devices, and the identifying information logged about each of the other devices comprises a device type and an identification of ports on the other devices that are open for sharing files;
providing the logged identifying information for the files received to a security server for malware tracking
Dependent claims: 9, 10, 11, 12, 13
14. A computer-implemented method of sampling files for malware tracking on mobile devices, the computer-implemented method comprising:
deploying sampling modules to a plurality of mobile devices having file transfer mechanisms using short-range communication technology, the file transfer mechanisms of the mobile devices being configured by the sampling modules to appear, to other devices, to be open for accepting all attempts to transfer files;
periodically receiving, from the sampling modules, logged identifying information about a plurality of files intercepted and quarantined by the sampling modules and about the other devices from which the files originated, wherein the logged identifying information is obtained by actively scanning, by the sampling modules, the other devices from which the files originated to acquire identifying information about the other devices, and the logged identifying information about the other devices comprises device types and identifications of ports on the other devices that are open for sharing files;
requesting, from the sampling modules, copies of certain of the files for which logged information was received; and
analyzing the requested copies to identify the files that contain malware.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification