Trojan.Snifula

Trojan.Snifula Description

Snifula is a family of Trojans designed to collect information from infected computers. The main purpose of most Snifula variants is to collect online banking information and credit card numbers. Because of this, these types of Trojan infections are referred to as 'banking Trojans.' Snifula variants have been involved in several high-profile attacks on Japanese targets. However, Snifula infections are widespread around the world. Currently, the main targets of Snifula variants include banks in Japan, Germany and the United States.

Why Cybercrooks Create Threats such as Snifula

The main purpose of banking Trojans from the Snifula family is to collect login information for online banking. To do this, Snifula infects a computer silently and modifies the victim's Web browsers so that they display fake versions of banking websites or altered versions of the original banking website. Without realizing it, computer users enter information such as user names and passwords into these fake websites, thinking that they are logging into their online banking account. Snifula spreads mainly through social networks, either via instant messaging spam or through corrupted links shared on victims' Facebook walls or Twitter feeds.

Bringing Snifula's Targets to Light

Snifula may receive information from its Command and Control server to update its list of targeted financial institutions. Malware researchers have analyzed the configuration file of this banking Trojan to determine which banks are targeted. Snifula's recent configuration files list banks in Japan, Germany and more than fifty United States banks. Currently, about 40% of all Snifula infections are in the United States, and 18% in Japan. Snifula variants targeting these banks include a specific threat that has received the nickname 'Neverquest.' This Snifula variant is capable of logging keystrokes, allowing a third party to control the infected computer remotely, and capturing video of the victim's screen or using the victim's webcam. Unfortunately, the increased dependence on online services for banking, shopping, social connections and other tasks has made these services important targets for third parties. Snifula is just one of the many high-level threats active today that take advantage of the ever-increasing number of Internet users.

Analyzing Snifula's Behavior

The main threat posed by Snifula is that this banking Trojan collects crucial information from the infected computer. Snifula may infect a computer silently and will not alert victims to its presence. This is because banking Trojans are much more effective when computer users are not aware of them, so third parties work to ensure that their infections do not cause symptoms on infected computers. Because of this, banking services should be used with additional security measures, such as two-step authentication, secure connections and mobile authentication. These measures may alert computer users to a problem when Snifula displays a bogus version of the targeted bank's Web page.

Preventing Snifula and Similar Infections

Most Snifula infections spread using social media links or spam email messages. Because of this, a crucial part of preventing Snifula infections is educating computer users to detect social engineering attacks and other deception on the Internet. Although a reliable security program that is fully up-to-date is essential in preventing and dealing with threat infections, the most important factor is to be aware of these threats and their typical strategies in order to avoid becoming exposed to them in the first place. PC security researchers advise computer users to avoid clicking on unknown links or downloading unknown files. Computer users should perform full scans of their computers periodically to ensure that no threats have managed to infiltrate any part of the system. If adequate security software is installed and computer users take safety measures when browsing the Web, attacks like Snifula can be avoided.

Technical Information

Registry Details

Trojan.Snifula creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" - "regsvr32.exe /s \"%AllUsersProfile%\Application Data\dmahdqe.dat\""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"NoProtectedModeBanner" - "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"2500" - "3"
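
A way to check for the three registry changes listed above, as an added example that is not part of the original write-up: it parses `reg query` text output and flags any Run entry that silently loads a non-DLL file through regsvr32 (a generalization beyond the single file name shown), plus the two Internet Explorer values. The sample output, the function names and the rule names are constructed for illustration.

```python
import re

# Constructed `reg query` output for illustration; not captured from a real host.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ShellExt    REG_SZ    regsvr32.exe /s "C:\Program Files\Vendor\shellext.dll"
    xkqjvbn    REG_SZ    regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\dmahdqe.dat"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    2500    REG_DWORD    0x3
'''

RUN_SUFFIX = r"\currentversion\run"
DWORD_RULES = [  # (key suffix, value name, flagged DWORD, rule name)
    (r"\internet explorer\main", "NoProtectedModeBanner", 1, "ie-banner-hidden"),
    (r"\internet settings\zones\3", "2500", 3, "internet-zone-protected-mode-off"),
]

def parse_reg_query(text):
    """Yield (lowercased key, value name, value type, data) from `reg query` text."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
        elif key and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                yield key, parts[0], parts[1], parts[2]

def silent_regsvr32_non_dll(data):
    """True when regsvr32 runs with /s against a file that is not .dll/.ocx."""
    ext = re.search(r'\.(\w+)"?\s*$', data)
    return bool(re.search(r"\bregsvr32(\.exe)?\b.*\s/s(\s|$)", data, re.I)
                and ext and ext.group(1).lower() not in ("dll", "ocx"))

def snifula_registry_findings(text):
    """Return (rule, value name) pairs for the registry traces listed on the page."""
    hits = []
    for key, name, vtype, data in parse_reg_query(text):
        if key.endswith(RUN_SUFFIX) and silent_regsvr32_non_dll(data):
            hits.append(("run-regsvr32-non-dll", name))
        for suffix, vname, bad, rule in DWORD_RULES:
            if vtype == "REG_DWORD" and key.endswith(suffix) and name == vname and int(data, 16) == bad:
                hits.append((rule, name))
    return hits

print(snifula_registry_findings(SAMPLE))
```

Zone 3 is the Internet zone and action 2500 set to 3 turns Protected Mode off there, while NoProtectedModeBanner set to 1 hides the warning that would otherwise tell the user so. Any single hit can have a benign cause, so treat the combination of all three as the stronger signal.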

More Details on Trojan.Snifula

The following URLs were found:
Tip: We recommend blocking the domain names as well as the IP addresses associated with them.
  • auramontofont.com
  • handelbarg.com
  • hramano.com
  • paleenkos.com
  • wellentarel.com
