摘要 |
Devices, systems, and methods are disclosed. An agent resides in a mobile communication device. The agent detects Proximity-based Mobile Malware Propagation. The agent injects one or more trigger network connections in the candidate connection list. These connections appear as legitimate networks and devices, but instead trigger connection to an agent server on a service provider's network. By attempting to connect through the trigger network connection, the malware reveals itself The system helps collect the malware signature within a short period of time after the malware outbreak in local areas, though such attacks typically bypass network based security inspection in the network. |
主权项 |
1. A mobile communication device comprising:
a processor; a transceiver in communication with the processor; and a memory that stores a malware and an agent logic that, when executed by the processor, causes the processor to perform operations comprising
discovering a plurality of devices in a proximity,compiling a list of discovered devices in the proximity,creating a trigger by the agent logic, the trigger comprising a fake connection that, when selected, causes the agent logic to connect to an agent server on a network,inserting a trigger into the list of discovered devices, wherein the trigger, when selected, causes the agent logic to connect to the agent server, wherein the agent server collects malware signatures, and wherein the trigger appears to the malware to be one of the list of discovered devices,receiving, from the malware, a request to connect to the trigger, and in response to receiving the request to connect to the trigger, connecting to the agent server and reporting malware activity to the agent server.
|