|| Hotline : 800 2378 ||  To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu ||  To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||
 
 
Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University
 
 
 
 
 
 
 
 
 
 
 
 


   
 

CERT-MU Virus Alert VA-2010-2

SymbOS.Hati Hati.A SMS Virus

Original Issue Date: March 30, 2010

Severity Rating: High

1. Description

SymbOS.Hatihati.A is a Trojan horse that runs on the Symbian OS. The Trojan is a pirated version of the anti-theft software Guardian v0.95 that contains a bad configuration file. It resides in the mobile's memory and tries to send SMS messages automatically to predefined numbers such as +3396003964. HatiHati.A is a worm-like application that spreads via MMC cards. Once the worm copies itself to a new device, it starts sending a very high volume of SMS messages to a predefined number. The predefined number is built into the Hatihati.A malware and is not picked from the contact list.

2. Mobile Sets Affected

High-end mobile phones running the Symbian Operating System (OS) are prone to infection by the Hatihati malware. Different brands (such as Nokia and Sony Ericsson), units, and models can be infected regardless of their mobile service provider.

3. MMS sending is not affected by this virus because MMS is sent via GPRS.

There is no known application that can detect this virus in any brand of mobile set.

Name: Worm: SymbOS/HatiHati.A

Alias: HatiHati.A

Type: Worm

Category: Malware

Platform: SymbOS

4. Common symptoms of Hatihati.A malware infection

  • A Hatihati.A malware icon in the applications folder of the phone when the phone is rebooted without the SIM card.
  • Unrecognized numbers in your phone's sent-message logs
  • Difficulty in sending SMS because the malware is continuously sending messages
  • Abnormally fast depletion of battery charge/power
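
The first two symptoms can be checked mechanically against a sent-message log. The following is an added example, not part of the original alert: it flags any destination that is not in the contact list and receives a burst of SMS messages within a short window. The log layout, the contact numbers, the one-off unknown number, the 10-minute window and the threshold of 20 are assumptions; only +3396003964 comes from the alert.

```python
from datetime import datetime, timedelta

# Constructed contact list (assumption, not from the alert).
CONTACTS = {"+23052500001", "+23052500002"}

def build_sample_log():
    """Constructed outbound SMS log: (timestamp, destination) rows."""
    start = datetime(2010, 3, 30, 9, 0, 0)
    # 40 messages, one every 20 seconds, to the number named in the alert.
    rows = [(start + timedelta(seconds=20 * i), "+3396003964") for i in range(40)]
    # Normal traffic to a known contact, one message every 5 minutes.
    rows += [(start + timedelta(minutes=5 * i), "+23052500001") for i in range(6)]
    # A single message to an unknown number: unusual, but not a flood.
    rows.append((start + timedelta(minutes=3), "+23059990000"))
    return sorted(rows)

def flag_sms_floods(rows, contacts, window=timedelta(minutes=10), threshold=20):
    """Return {number: peak_count} for destinations outside `contacts` that
    received at least `threshold` messages inside any sliding `window`."""
    by_dest = {}
    for ts, dest in rows:
        if dest not in contacts:
            by_dest.setdefault(dest, []).append(ts)

    flagged = {}
    for dest, times in by_dest.items():
        times.sort()
        left = 0
        peak = 0
        for right, ts in enumerate(times):
            # Shrink the window until it spans no more than `window`.
            while ts - times[left] > window:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            flagged[dest] = peak
    return flagged

if __name__ == "__main__":
    for number, peak in flag_sms_floods(build_sample_log(), CONTACTS).items():
        print(f"{number}: {peak} SMS within 10 minutes to a number not in contacts")
```
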

5. Location of Hatihati.A malware icon in the mobile set

You can perform a simple test to verify that you are infected with the Hatihati.A Malware:

  • Step 1: Turn off your mobile phone and remove the attached SIM card
  • Step 2: Turn on your mobile phone without the SIM card
  • Step 3: Go to your applications folder and you should see a Hatihati.A application icon named “Guardian”.

6. Ways by which the virus spreads

The Hatihati.A malware spreads in the following ways:

  1. By inserting an infected MMC or memory card into a phone, and vice versa. Sharing an MMC or memory card between phones can spread the Hatihati.A malware.
  2. By downloading free mobile applications via untrusted WAP sites.

Note: this malware does not spread via sharing or transfer of SIM from one mobile phone to another, nor via Bluetooth or Infrared.

7. Removal of the virus

  1. Download the F-Secure antivirus software (http://f-secure.mobi) for Nokia and non-Nokia handsets and delete the "Guardian" folder.
  2. Soft or hard formatting.
    • Create a backup of the address book, calendar and settings using "Nokia PC Suite"
    • Format the MMC card from the computer using a card reader
  3. Use Deep Reset using code (*#7370# or *#7780#)
    • Normal Reset (*#7780#): Restores ini files from ROM but preserves user data (photos, 3rd party apps, etc.)
    • Deep Reset (*#7370#): This completely reformats the C: drive. All applications and files stored on this drive will be lost and clean default files will be rewritten.
  4. Use 12345 as the lock code (for Nokia handsets) when asked and press OK
  5. The mobile will now restart and will be back to its previous settings

For detailed information regarding soft and hard formatting, please refer to the URL: http://www.ntc.net.np/mobile/alert.php, or contact your supplier of the mobile phones for more details.

8. Preventive Measures

Here are some recommended preventive measures:

  1. Refrain from phone sharing or swapping. Do not let others use your phone without your permission.
  2. Refrain from memory card sharing or swapping. Do not let others use your memory card without your permission.
  3. Avoid downloading free mobile applications from suspicious WAP sites or from the Internet.
  4. Do not install a pirated version of the anti-theft software Guardian v0.95.

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

E-mail:


Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
9th Floor, Stratton Court
La Poudriere Street
Port Louis

 
 
 
 
 

Last Updated 20-Jul-2011