1. Field of the Invention
Embodiments of the present invention generally relate to network computing and, more particularly, to a method and apparatus for monitoring communications from a communications device.
2. Description of the Related Art
To protect computers connected to the Internet, various companies utilize network monitoring systems to identify threats propagating across the Internet. One such system, used by Symantec Corporation, is the Attack Quarantine Systems (AQS), which comprises a plurality of monitoring devices positioned throughout the world to collect network intelligence. The monitoring devices passively and actively receive data as communications flow through the Internet. Traditionally, a network monitoring system comprises numerous computers (monitoring devices) that have been deliberately left unguarded in an effort to receive and collect malicious software for evaluation. Data sent to the monitoring devices can contain hostile programs such as malicious software agents, adware, spyware, viruses, and the like. Monitoring devices are used to identify new hostile programs and/or monitor the propagation of existing hostile programs. Monitoring devices are also used to monitor recent attacks on user computers such as phishing, SPAM, denial of service, viruses, and the like.
Another form of attack springs from infiltrating trusted relationships and exploiting them. These attacks load malicious software onto a communications device (e.g., computer, cell phone, PDA, and the like) to further their propagation. Such attacks may require no user interaction to spread through a network. The software accesses a contact list within the device and sends malicious or unwanted information, such as SPAM, duplicate copies of the malicious software, and the like, to all the contacts in the contact list. Because these attacks stay within the trusted relationship and do not flow indiscriminately through the Internet, a monitoring device will not intercept the communication. Thus, a trusted-relationship form of attack may go undetected for a substantial amount of time.
Accordingly, there exists a need for a method and apparatus for forming a trusted relationship and monitoring communications from a communications device within the trusted relationship.