Home / malwarePDF  

Worm:SymbOS/HatiHati.A


First posted on 05 December 2007.
Source: SecurityHome

Aliases :

Worm:SymbOS/HatiHati.A is also known as HatiHati.A.

Explanation :

HatiHati.A is a worm-like application that spreads via MMC cards.

Once the worm copies itself to a new device, it starts sending a very high volume of SMS messages to a predefined number.

In most instances, the number to which HatiHati.A is attempting to send is +3396003964.

Detection of HatiHati.A is based on commercial anti-theft software for Symbian Series60 phones. It was not authored with malicious intent. HatiHati is an alias.

The application's code, version 0.95 beta, suffers from two bugs that cause worm-like behavior. There also exists an unauthorized version of the beta that has been repackaged.

The anti-theft software sends an SMS alert when it detects a change in the installed phone's SIM card. Flaws in the code of version 0.95 cause the application to copy itself from an MMC card to any new phone in which the MMC card is inserted. Once installed on the new phone, the application considers the SIM card to be changed.

HatiHati.A then begins to send SMS alerts. The second bug in the code causes thousands of SMS alerts to be sent. This can result in a significant financial cost to the phone's owner.

Detection of HatiHati version 0.95 beta was added to F-Secure Mobile Anti-Virus at the request of the original software author.

HatiHati.A affects phones running Symbian S60 2nd Edition and older, which means that the most recent device affected is the Nokia N70.

If you are running F-Secure Mobile Anti-Virus and are notified of HatiHati.A detection, please make sure your anti-theft software is up to date. If you are using the unauthorized repacking of HatiHati.A, you should delete the application.

Last update 05 December 2007

 

TOP

Malware :

Family: