Devices, systems, and methods for detecting proximity-based mobile malware propagation
Abstract
Devices, systems, and methods are disclosed. An agent resides in a mobile communication device. The agent detects Proximity-based Mobile Malware Propagation. The agent injects one or more trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices, but instead trigger connection to an agent server on a service provider's network. By attempting to connect through the trigger network connection, the malware reveals itself. The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, though such attacks typically bypass network based security inspection in the network.
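The trigger-entry mechanism from the abstract, as an added Python example that is not taken from the patent: the agent mixes decoy entries into the discovered-device list and reports any connect request aimed at one of them. `Peer`, `Agent`, `send_report`, the decoy names and the report fields are assumptions made for illustration, and a callback stands in for the agent server.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class Peer:
    address: str  # MAC-style address of the list entry
    name: str     # name shown in the candidate connection list

@dataclass
class Agent:
    send_report: Callable[[dict], None]  # stand-in for the link to the agent server
    decoy_names: tuple = ("Conf-Room-Speaker", "Guest-Tablet")  # constructed names
    _triggers: dict = field(default_factory=dict)

    def _new_trigger(self, name, real_addrs):
        # Random locally administered unicast address that no listed peer uses.
        while True:
            raw = bytearray(secrets.token_bytes(6))
            raw[0] = (raw[0] | 0x02) & 0xFE
            addr = ":".join(f"{b:02X}" for b in raw)
            if addr not in real_addrs and addr not in self._triggers:
                return Peer(addr, name)

    def candidate_list(self, discovered):
        """Return the discovered peers with fresh trigger entries mixed in."""
        real = {p.address for p in discovered}
        self._triggers = {}
        for name in self.decoy_names:
            trigger = self._new_trigger(name, real)
            self._triggers[trigger.address] = trigger
        merged = list(discovered) + list(self._triggers.values())
        secrets.SystemRandom().shuffle(merged)  # decoys must not always sort last
        return merged

    def connect(self, address, requester, payload=b""):
        """Handle a connect request; True means it goes on to the real stack."""
        trigger = self._triggers.get(address)
        if trigger is None:
            return True  # real peer: the agent stays out of the way
        # No such device exists, so whatever chose this entry gets reported.
        self.send_report({"time": time.time(), "requester": requester,
                          "trigger": trigger.name,
                          "sample_sha256": hashlib.sha256(payload).hexdigest()})
        return False  # never forwarded: there is nothing to connect to
```

Requests for real peers pass through untouched, so only a selection of a trigger entry produces a report.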
20 Claims
1. A device comprising:
- a processor;
- a transceiver; and
- a memory that stores an agent logic that, when executed by the processor, causes the processor to perform operations comprising
  - compiling a list of discovered devices in a proximity of the transceiver,
  - creating a trigger network connection that, when selected, causes the agent logic to connect to an agent server that collects malware signatures,
  - inserting the trigger network connection into the list of the discovered devices,
  - receiving a request to connect to the trigger network connection, and
  - in response to receiving the request to connect to the trigger network connection, connecting to the agent server and reporting malware activity to the agent server.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A system comprising:
- a mobile communications device that stores an agent logic that, when executed by the mobile communications device, causes the mobile communications device to perform operations comprising
  - compiling a list of discovered devices in a proximity of the mobile communications device,
  - creating a trigger network connection that, when selected, causes the agent logic to connect to an agent server,
  - inserting the trigger network connection into the list of the discovered devices,
  - receiving a request to connect to the trigger network connection, and
  - in response to receiving the request to connect to the trigger network connection, connecting to the agent server and reporting malware activity to the agent server.
(Dependent claims: 9, 10, 11, 12, 13)
14. A method comprising:
- compiling, by a mobile communications device that executes an agent logic, a list of discovered devices in a proximity of the mobile communications device;
- creating, by the mobile communications device, a trigger network connection that, when selected, causes the agent logic to connect to an agent server that collects malware signatures;
- inserting, by the mobile communications device, the trigger network connection into the list of the discovered devices;
- receiving, by the agent logic, a request to connect to the trigger network connection; and
- in response to receiving the request to connect to the trigger network connection, connecting, by the mobile communications device, to the agent server and reporting malware activity to the agent server.
(Dependent claims: 15, 16, 17, 18, 19, 20)
Specification