Devices, systems, and methods for detecting proximity-based mobile propagation

US 8,763,126 B2
Filed: 12/08/2010
Issued: 06/24/2014
Est. Priority Date: 12/08/2010
Status: Active Grant

First Claim

Patent Images

1. A mobile communication device comprising:

a processor;

a transceiver in communication with the processor; and

a memory that stores a malware and an agent logic that, when executed by the processor, causes the processor to perform operations comprisingdiscovering a plurality of devices in a proximity,compiling a list of discovered devices in the proximity,creating a trigger by the agent logic, the trigger comprising a fake connection that, when selected, causes the agent logic to connect to an agent server on a network,inserting a trigger into the list of discovered devices, wherein the trigger, when selected, causes the agent logic to connect to the agent server, wherein the agent server collects malware signatures, and wherein the trigger appears to the malware to be one of the list of discovered devices,receiving, from the malware, a request to connect to the trigger, and in response to receiving the request to connect to the trigger, connecting to the agent server and reporting malware activity to the agent server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, systems, and methods are disclosed. An agent resides in a mobile communication device. The agent detects Proximity-based Mobile Malware Propagation. The agent injects one or more trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices, but instead trigger connection to an agent server on a service provider'"'"'s network. By attempting to connect through the trigger network connection, the malware reveals itself The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, though such attacks typically bypass network based security inspection in the network.

36 Citations

View as Search Results

20 Claims

1. A mobile communication device comprising:
- a processor;
  
  a transceiver in communication with the processor; and
  
  a memory that stores a malware and an agent logic that, when executed by the processor, causes the processor to perform operations comprisingdiscovering a plurality of devices in a proximity,compiling a list of discovered devices in the proximity,creating a trigger by the agent logic, the trigger comprising a fake connection that, when selected, causes the agent logic to connect to an agent server on a network,inserting a trigger into the list of discovered devices, wherein the trigger, when selected, causes the agent logic to connect to the agent server, wherein the agent server collects malware signatures, and wherein the trigger appears to the malware to be one of the list of discovered devices,receiving, from the malware, a request to connect to the trigger, and in response to receiving the request to connect to the trigger, connecting to the agent server and reporting malware activity to the agent server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The device in claim 1, wherein the transceiver communicates using at least one protocol selected from a list comprising:
    - WiFi;
      
      BLUETOOTH;
      
      infrared; and
      
      cellular radio frequency.
  - 3. The device of claim 1, wherein the trigger is hidden from the user.
  - 4. The device of claim 1, wherein the malware includes a malware signature.
  - 5. The device of claim 4, wherein the reporting includes sending the malware signature to the agent server.
  - 6. The device of claim 1, wherein the agent logic, when executed by the processor, causes the processor to perform operations further comprising receiving responses from the plurality of devices.
  - 7. The device of claim 1, wherein the reporting includes sending the request to connect to the agent server.
  - 8. The device of claim 1, wherein the malware comprises a mobile malware that propagates via proximity-based mobile malware propagation.

9. A system for tracking proximity-based mobile malware propagation, the system comprising:
- an agent server that collects malware signatures; and
  
  a mobile communication device in communication with the agent server, wherein the mobile device stores a malware and an agent logic that, when executed by the mobile communication device, causes the mobile communication device to perform operations comprising;
  
  discovering a plurality of devices in a proximity of the mobile communication device,compiling a list of discovered devices in the proximity,creating a trigger with the agent logic, the trigger comprising a fake connection that, when selected, causes the agent logic to connect to the agent server,inserting the trigger into the list of discovered devices, wherein the trigger appears to the malware to be one of the list of discovered devices,receiving a request to connect to the trigger, and in response to receiving the request to connect to the trigger, connecting to the agent server and reporting malware activity to the agent server.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the plurality of devices comprises a device selected from the list comprising:
    - a further mobile communication device;
      
      a wireless access point; and
      
      an onboard resource of the mobile communication device.
  - 11. The system of claim 9, wherein the agent logic, when executed by the mobile device, causes the mobile device to perform operations further comprising receiving, from the malware, a request to discover the plurality of devices in the proximity from the malware.
  - 12. The system of claim 9, wherein the agent logic, when executed by the mobile device, causes the mobile device to perform operations further comprising receiving responses from the plurality of devices.
  - 13. The system of claim 9, wherein the agent logic, when executed by the mobile device, causes the mobile device to perform operations further comprising hiding the trigger from a user.
  - 14. The system of claim 9, wherein the reporting includes sending the request to connect to the agent server.
  - 15. The system of claim 9, wherein the malware comprises a mobile malware that propagates via proximity-based mobile malware propagation.

16. A method comprising:
- discovering, by a mobile communications device that executes an agent logic and stores a mobile malware, a plurality of devices in a proximity of the mobile communications device;
  
  compiling, by the mobile communications device, a list of discovered devices in the proximity;
  
  creating, by the mobile device, a trigger comprising a fake connection that, when selected, causes the agent logic to connect to an agent server on a network, wherein the agent server collects malware signatures;
  
  inserting, by the mobile communications device, the trigger into the list of discovered devices;
  
  receiving, by the agent logic, a request to connect to the trigger; and
  
  in response to receiving the request to connect to trigger, connecting, by the mobile device, to the agent server and reporting malware activity to the agent server.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising receiving a request to discover the plurality of devices from the mobile malware.
  - 18. The method of claim 16, further comprising receiving responses from the plurality of devices.
  - 19. The method of claim 16, further comprising hiding the trigger from a user.
  - 20. The method of claim 16, wherein the reporting includes sending the request to connect to the agent server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Wang, Wei, Xu, Gang, de los Reyes, Gustavo
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US12/963,617
Publication Number

US 20120151587A1
Time in Patent Office

1,294 Days
Field of Search

726 22- 25, 455/67.11, 455/411, 455/522, 713/1
US Class Current

726/24
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/564   by virus signature recognition

G06F 2221/034   Test or assess a computer o...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Devices, systems, and methods for detecting proximity-based mobile propagation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Devices, systems, and methods for detecting proximity-based mobile propagation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links