1. Field of the Subject Disclosure
The present subject disclosure relates to mobile devices. In particular, the present subject disclosure relates to the detection of message-based malware attacks.
2. Background of the Subject Disclosure
Mobile devices, such as cellular telephones, have become a common tool of everyday life. Cellular telephones are no longer used simply to place telephone calls. With the number of available features rapidly increasing, cellular telephones are now used for storing addresses, keeping a calendar, reading e-mails, drafting documents, etc. These devices are small enough that they can be carried in a pocket or purse all day, allowing a user to stay in contact almost anywhere. Recent devices have become highly functional, providing applications useful to business professionals as well as the casual user.
Mobile devices are frequently used for sending and receiving messages. Such devices may, for instance, send basic text messages using Short Message Service (SMS) and enhanced messages using Multimedia Messaging Service (MMS). Unfortunately, this growing number of capabilities also introduces new malware propagation vectors on mobile devices, such as SMS/MMS messaging and file transfers. MMS messages can embed text, audio, images and video. Thus, messaging is a very powerful way to spread different types of malware. Many prevalent viruses, worms and Trojans use SMS/MMS as the propagation medium, such as Mabir (2004), Commwarrior (2005), Skulls (2005), Redbrowser (2006), and Trojan-SMS.AndroidOS (2010).
Unlike proximity-based scanning, which is limited to a small local area, mobile malware that exploits SMS/MMS for propagation is capable of worldwide damage, similar to nationwide attacks on the Internet. Introducing new mobile malware via SMS/MMS messages is easy for attackers, because messages can be routed across different network domains. Also, the propagation is much faster than in proximity-based attacks. A malicious mobile user can randomly pick a batch of victims from the contacts and spread viruses, worms, or Trojans.
Because of the scale-free nature of SMS/MMS-based malware distribution, it is challenging to analyze and monitor the status of the propagation. The number of phones that are infected, the number of currently active phones spreading viruses, and even the identity of the devices taking these actions need to be determined across the whole network in real time. It is also challenging to collect signatures for such attacks starting on day one.
Therefore, what are needed are devices, systems, and methods to collect and analyze information concerning malware without unnecessarily affecting the performance of the device.