Understanding the spread of malicious mobile-phone programs and their damage potential

  • Regular Contribution
International Journal of Information Security

Abstract

The fast-growing market for smart phones, coupled with their almost constant on-line presence, makes these devices the new targets of malicious code (virus) writers. To aggravate the issue, the security level of these devices is far below the state of the art of what is used in personal computers. It has recently been found that the topological spread of multimedia message service (MMS) viruses is highly restricted by the underlying fragmentation of the call graph (the term topological here refers to the explicit use of the call graph topology to find vulnerable phones). In this paper, we study MMS viruses under another type of spreading behavior that locates vulnerable phones by generating a random list of numbers to be contacted, generally referred to as scanning. We find that hybrid MMS viruses including some level of scanning are more dangerous to the mobile community than their standard topological counterparts. Interestingly, this paper shows that the topological and scanning behaviors of MMS viruses can be more damaging in high and low market share cases, respectively. The results also show that, given sufficient time, sophisticated viruses may infect a large fraction of susceptible phones without being detected. Fortunately, with the improvement of phone providers’ monitoring ability and the timely installation of patches on infected phones, one can contain the spread of MMS viruses. Our findings lead to a better understanding of how one could prevent the spread of mobile-phone viruses even in light of new behaviors such as scanning.
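The fragmentation argument in the abstract can be made concrete with a small percolation model, given here as an added example that is not the paper's model, code or data. It assumes a constructed random undirected graph in place of a real call graph, and the names and parameters (`topological_bound`, `n`, `mean_degree`, `seed`) are hypothetical; it computes the largest cluster of susceptible phones as an upper bound on what purely topological spreading can reach at a given market share.

```python
import random
from collections import deque

def build_call_graph(n, mean_degree, rng):
    """Constructed stand-in for a call graph: n phones, random undirected edges."""
    adj = [set() for _ in range(n)]
    remaining = n * mean_degree // 2
    while remaining > 0:
        a, b = rng.randrange(n), rng.randrange(n)
        if a != b and b not in adj[a]:
            adj[a].add(b)
            adj[b].add(a)
            remaining -= 1
    return adj

def largest_cluster(adj, susceptible):
    """Size of the largest connected cluster made only of susceptible phones."""
    seen, best = set(), 0
    for start in susceptible:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            node = queue.popleft()
            size += 1
            for nb in adj[node]:
                if nb in susceptible and nb not in seen:
                    seen.add(nb)
                    queue.append(nb)
        best = max(best, size)
    return best

def topological_bound(market_share, n=5000, mean_degree=4, seed=1):
    """Largest fraction of susceptible phones one infection can reach by
    following call-graph contacts only. Random-number scanning is not tied
    to the graph, so its corresponding bound is 1.0 at any market share."""
    rng = random.Random(seed)
    adj = build_call_graph(n, mean_degree, rng)
    susceptible = {p for p in range(n) if rng.random() < market_share}
    if not susceptible:
        return 0.0
    return largest_cluster(adj, susceptible) / len(susceptible)

if __name__ == "__main__":
    for share in (0.05, 0.10, 0.25, 0.50, 0.90):
        print(f"market share {share:.2f}: topological bound "
              f"{topological_bound(share):.3f}, scanning bound 1.000")
```

In this toy graph the large cluster of susceptible phones appears only once the market share exceeds roughly 1/`mean_degree`, which is why containment of a purely topological spread is easiest to reason about at low market share.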

Acknowledgments

We thank G. Xiao and C. Song for discussions and comments on the manuscript. This work was supported by National Natural Science Foundation of China (No. 51208520), the James S. McDonnell Foundation twenty-first Century Initiative in Studying Complex Systems, the National Science Foundation within the DDDAS (CNS-0540348), ITR (DMR-0426737) and IIS-0513650 programs. P. Wang acknowledges support from Shenghua Scholar Program of Central South University.

Author information

Corresponding author

Correspondence to Ronaldo Menezes.

About this article

Cite this article

Wang, P., González, M.C., Menezes, R. et al. Understanding the spread of malicious mobile-phone programs and their damage potential. Int. J. Inf. Secur. 12, 383–392 (2013). https://doi.org/10.1007/s10207-013-0203-z

  • DOI: https://doi.org/10.1007/s10207-013-0203-z
