
Handsnake

Posted: April 16, 2014

Threat Metric

Ranking: 14,789
Threat Level: 1/10
Infected PCs: 108
First Seen: April 16, 2014
Last Seen: September 17, 2023
OS(es) Affected: Windows


Handsnake is a backdoor Trojan intended to allow third parties to access your computer remotely, and from that position, take full control over it. Such attacks may be used as opening salvos in campaigns to hack bank accounts, sabotage government networks or gather varied types of confidential data. While Handsnake is one of the lesser-analyzed PC threats of its type, malware researchers can verify the use of e-mail attachments for its distribution method. PC users who feel themselves at risk should be cautious about opening unscanned file attachments, and use anti-malware products as needed to delete Handsnake after an attack.

The Serpent that Shakes Your PC's Hand... and will not Let Go

Handsnake is one of several prominent Trojans being used in an e-mail campaign currently targeting various major banks, businesses and services in the fiscal sector. Infected e-mail messages (disguised as business notifications, 'CUP retrieval requests,' et cetera) include Java-based file attachments that play the role of simple Trojan droppers, which install the real payload. Other threat entities in Handsnake's campaign include the Netwire Remote Access Trojan, an e-mail password extraction utility, the DarkComet RAT, JackPOS (a Trojan that targets credit card data on point-of-sale systems) and even the banking Trojan Zeus.

While this full hand of threats would be more than enough to haunt any PC user's dreams, Handsnake also provides its own, far from negligible attacks. Based on the previously analyzed Carberp Trojan, Handsnake continues in Carberp's footsteps by opening a backdoor connection to a Command & Control server. Further interaction by third parties may allow Handsnake to be used to issue instructions to your PC, install other threats, change system settings or delete files, for example. This broad vulnerability effectively means that any PC under Handsnake's control is also under a third party's control until the vulnerability is eliminated.

Getting Your PC Back from a Handsnake's Bite

Since Handsnake's attacks focus on PCs not meant for personal use, this current campaign should be of little concern to home PC users – except in the sense that compromises of business security often lead to compromises of customer data. Vulnerable companies are advised to monitor e-mail communications for potential threat distributors, which may install other PC threats even more advanced than Handsnake. Of course, since Handsnake is a high-level threat explicitly designed to avoid being found or deleted, malware experts would not encourage removing Handsnake without suitable anti-malware tools whenever such tools are accessible.

The details of Handsnake's distribution methods also are bad news for PC users hoping to avoid infection by way of being unlikely targets. With more threat authors making use of multiple types of advanced PC threats and distributing them far and wide, companies will need to be ever-mindful of common threat installation routes. On the non-business end, PC users who use credit cards and other exploitable transaction methods should pay attention to the unusual charges that often are signs of infiltration by something like Handsnake or its compatriot Trojan, Zeus.
