Handsnake
Posted: April 16, 2014
Threat Metric
The following fields listed on the Threat Meter, each containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 14,789 |
|---|---|
| Threat Level: | 1/10 |
| Infected PCs: | 108 |
| First Seen: | April 16, 2014 |
| Last Seen: | September 17, 2023 |
| OS(es) Affected: | Windows |
Handsnake is a backdoor Trojan intended to allow third parties to access your computer remotely and, from that position, take full control over it. Such attacks may be used as opening salvos in campaigns to hack bank accounts, sabotage government networks or gather varied types of confidential data. While Handsnake is one of the lesser-analyzed PC threats of its type, malware researchers can verify the use of e-mail attachments as its distribution method. PC users who feel themselves at risk should be cautious about opening unscanned file attachments, and use anti-malware products as needed to delete Handsnake after an attack.
The Serpent that Shakes Your PC's Hand... and will not Let Go
Handsnake is one of several prominent Trojans being used in an e-mail campaign currently targeting various major banks, businesses and services in the financial sector. Infected e-mail messages (disguised as business notifications, 'CUP retrieval requests,' et cetera) include Java-based file attachments that play the role of simple Trojan droppers, which install the real payload. Other threat entities in Handsnake's campaign include the Netwire Remote Access Trojan, an e-mail password extraction utility, the DarkComet RAT, JackPOS (a Trojan that targets credit card data on point-of-sale systems) and even the banking Trojan Zeus.
While this full hand of threats would be more than enough to haunt any PC user's dreams, Handsnake also provides its own, far from negligible attacks. Based on the previously-analyzed Carberp Trojan, Handsnake continues in Carberp's footsteps by opening a backdoor connection to a Command & Control server. Further interaction by third parties may allow Handsnake to be used to issue instructions to your PC, install other threats, change system settings or delete files, for example. This broad exposure effectively means that any PC under Handsnake's control is also under a third party's control until the Trojan is eliminated.
Getting Your PC Back from a Handsnake's Bite
Since Handsnake's attacks focus on PCs not meant for personal use, this current campaign should be of little concern to home PC users – except in the sense that compromises of business security often lead to compromises of customer data. Vulnerable companies are advised to monitor e-mail communications for potential threat distributors, which may install other PC threats even more advanced than Handsnake. Of course, since Handsnake is a high-level threat explicitly designed to avoid being found or deleted, malware experts would not encourage removing Handsnake without suitable anti-malware tools whenever such tools are available.
The details of Handsnake's distribution methods also are bad news for PC users hoping to avoid infection by way of being unlikely targets. With more threat authors making use of multiple types of advanced PC threats and spreading them far and wide, companies will need to be ever-mindful of common threat installation routes. On the non-business end, PC users who use credit cards and other exploitable transaction methods should pay attention to the unusual charges that often are signs of infiltration by something like Handsnake or its compatriot Trojan, Zeus.
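One way a mail gateway could act on the e-mail monitoring advice above is to flag Java content in attachments by what the file contains, not just by its name. This is an added example, not code from the original page or from any vendor; the function names, reason labels and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

JAVA_EXTS = (".jar", ".class", ".jnlp")

def looks_like_jar(data: bytes) -> bool:
    """True if the bytes are a ZIP archive holding a JAR manifest or .class files."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return False
    return any(n.upper() == "META-INF/MANIFEST.MF" or n.lower().endswith(".class")
               for n in names)

def java_attachments(raw: bytes) -> list:
    """Return (filename, reason) for every attachment that carries Java content."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if looks_like_jar(data):  # catches a JAR renamed to .pdf, .doc, ...
            hits.append((name, "jar-archive"))
        elif data[:4] == b"\xca\xfe\xba\xbe":  # class-file magic (also Mach-O fat binaries)
            hits.append((name, "class-magic"))
        elif name.lower().endswith(JAVA_EXTS):
            hits.append((name, "java-extension"))
    return hits

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; sender, subject and file names are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "billing@example.com", "ap@example.org"
    m["Subject"] = "Payment notification"
    m.set_content("See attached.")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

def make_jar() -> bytes:  # constructed, harmless archive with a JAR layout
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Main.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x34")
    return buf.getvalue()
```

A message flagged with `jar-archive` under a non-Java file name is the case worth quarantining first, since the name was chosen to hide what the attachment is.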