
HackerTool/Hahafon - Released Jul 15, 2010 - Last Updated Jul 26, 2010

Detection Availability

Active Database    Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

Abnormally high bill due to SMS sending

Detailed Analysis

Like HackerTool/FullBox, HackerTool/Hahafon is a Java ME midlet which helps an end-user send SMS messages under a fake identity. The end-user specifies an SMS text, the recipient's phone number and the name or phone number the message should appear to come from. The SMS message is not directly sent to the recipient. Instead, it is forwarded to the (non-free) short number 1051.
The midlet runs on any phone supporting Java.



Technical Details


A typical splash screen of the midlet is shown in Figure 1.

Figure 1. HackerTool/Hahafon splash screen

HackerTool/Hahafon offers a wide variety of SMS templates to send to friends. The end-user selects the template to send from categories such as Joke or Love SMS.

Figure 2. Main menu of the hacker tool (in Russian)

The list of SMS templates may be updated if the end-user requests it. In this case, an up-to-date template is downloaded from hxxp://hahafon.ru/mobile/hah.dat
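A static triage check for the behaviour described above, added here as an example; it is not Fortinet's detection logic or code from the original page. It generalizes from the single number 1051 to any short SMS destination found in a midlet JAR's class constants. It assumes the midlet stores its destination as a literal `sms://` URL (the Java ME messaging convention) and its update URL as a plain `http://` string. The function names and the sample JAR are constructed for illustration.

```python
import io, re, struct, zipfile

# Bytes following the tag for each fixed-size constant-pool entry type.
CP_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4}
SMS_URL = re.compile(r"sms://\+?(\d+)")    # assumption: sms:// URL kept as a literal
HTTP_HOST = re.compile(r"http://([^/:\s]+)")

def utf8_constants(class_bytes):
    """Return the CONSTANT_Utf8 strings from one class file's constant pool."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", class_bytes, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a Java class file")
    pos, idx, found = 10, 1, []
    while idx < count:
        tag = class_bytes[pos]
        pos += 1
        if tag == 1:                       # Utf8: u2 length, then the bytes
            (size,) = struct.unpack_from(">H", class_bytes, pos)
            found.append(class_bytes[pos + 2:pos + 2 + size].decode("utf-8", "replace"))
            pos += 2 + size
        elif tag in CP_SIZES:
            pos += CP_SIZES[tag]
        else:
            raise ValueError(f"unsupported constant tag {tag}")
        idx += 2 if tag in (5, 6) else 1   # Long/Double occupy two pool slots
    return found

def triage_midlet(jar_bytes, max_short_len=6):
    """Collect short-number SMS destinations and HTTP hosts from a midlet JAR."""
    report = {"short_numbers": set(), "hosts": set()}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            for text in utf8_constants(jar.read(name)):
                report["short_numbers"].update(
                    n for n in SMS_URL.findall(text) if len(n) <= max_short_len)
                report["hosts"].update(h.lower() for h in HTTP_HOST.findall(text))
    return report

def build_sample_jar():
    """Constructed sample: a JAR with one truncated class (header + pool only)."""
    utf8 = lambda s: b"\x01" + struct.pack(">H", len(s)) + s.encode()
    pool = (utf8("sms://1051") + b"\x03" + bytes(4) + b"\x05" + bytes(8)
            + utf8("http://hahafon.ru/mobile/hah.dat") + utf8("sms://+70000000000"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("Sample.class", struct.pack(">IHHH", 0xCAFEBABE, 0, 47, 7) + pool)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_midlet(build_sample_jar()))
```

A midlet that builds its destination at run time or obfuscates its strings will not be caught by a constant-pool scan like this one.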

Recommended Action

    FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    FortiClient Systems

  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Reference: ID - 1937626