The present invention relates generally to identifying malware-compromised devices and, more particularly, to methods and systems for pinpointing malware-compromised devices utilizing connections of a user.
Anti-malware scanners typically detect malware based on signatures or heuristics. A business may have a large number of internal mobile device users. The current approach to detecting malware is to run anti-malware software on the mobile devices that can detect and block known malware. The anti-malware software is typically updated on a fixed schedule with the aid of a mobile device management (MDM) system. This leaves a significant time period during which new malware could infect the mobile device, consequently causing data breaches or other attacks on the information technology assets of a business. Further, detecting malware utilizing an MDM system may not be feasible, such as for mobile device users who are external to a business (e.g., customers). A vulnerability on one mobile device can easily result in malware being propagated rapidly across different users and/or platforms, thereby potentially negatively impacting the business associated with those mobile devices (be the devices internal or external to the business). Thus, it is desirable to determine a faster way of identifying mobile devices that are infected with malware, and take corrective action.