Trojan.Snifula

By Sumo3000 in Trojans

Snifula is a family of Trojans designed to collect information from infected computers. The main purpose of most Snifula variants is to collect online banking information and credit card numbers. Because of this, these types of Trojan infections are referred to as 'banking Trojans.' Snifula variants have been involved in several high-profile attacks on Japanese targets. However, Snifula infections are widespread around the world. Currently, the main targets of Snifula variants include banks in Japan, Germany and the United States.

Why Cybercrooks Create Threats such as Snifula

The main purpose of banking Trojans from the Snifula family is to collect login information for online banking. To do this, Snifula infects a computer silently and modifies the victim's Web browsers so that they display fake versions of banking websites or altered versions of the original banking website. Without realizing it, computer users enter information such as user names and passwords into these fake websites, thinking that they are logging into their online banking account. Snifula spreads mainly through social networks, either via instant messaging spam or through corrupted links shared on victims' Facebook walls or Twitter feeds.

Bringing Snifula's Targets to Light

Snifula may receive information from its Command and Control server to update its list of targeted financial institutions. Malware researchers have examined the configuration file of this banking Trojan to determine which banks are targeted. Snifula's recent configuration files list banks in Japan, Germany and more than fifty United States banks. Currently, about 40% of all Snifula infections are in the United States, and 18% in Japan. Snifula variants targeting these banks include a specific threat that has received the nickname 'Neverquest.' This Snifula variant is capable of logging keystrokes, allowing a third party to control the infected computer remotely, and capturing video of the victim's screen or using the victim's webcam. Unfortunately, the increased dependence on online services for banking, shopping, social connections and other tasks has meant that these services have become important targets for third parties. Snifula is just one of the many high-level threats that are active today in order to take advantage of the ever-increasing number of Internet users.

Analyzing the Snifula Behavior

The main threat posed by Snifula is that this banking Trojan collects crucial information from the infected computer. Snifula may infect a computer silently and will not alert victims to its presence. This is because banking Trojans are much more effective when computer users are not aware of their presence, so third parties work to ensure that their infections do not cause symptoms on infected computers. Because of this, banking services should be used with additional security measures, such as two-step authentication, secure connections and mobile authentication. These measures may alert computer users to a problem when Snifula displays a bogus version of the targeted bank's Web page.

Preventing Snifula and Similar Infections

Most Snifula infections spread using social media links or spam email messages. Because of this, a crucial part of preventing Snifula infections is educating computer users to detect social engineering attacks and other deceptions on the Internet. Although a reliable security program that is fully up-to-date is essential in preventing and dealing with threat infections, the most important factor is to be aware of these threats and their typical strategies, in order to avoid becoming exposed to them in the first place. PC security researchers advise computer users to avoid clicking on unknown links or downloading unknown files. Computer users should perform full scans of their computers periodically to ensure that no threats have managed to infiltrate them. If adequate security software is installed and computer users take safety measures when browsing the Web, attacks like Snifula can be avoided.

Registry Details

Trojan.Snifula may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS]" - "regsvr32.exe /s "%AllUsersProfile%\Application Data\dmahdqe.dat""
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"NoProtectedModeBanner" - "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"2500" - "3"
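
A defender can check for these three entries in exported registry data. The following is an added example, not code from this page or its author: it parses `reg query` text output and flags the entries listed above. The sample input and the value name `xkqpzt` are constructed, and the Run-key rule generalizes beyond the exact file name to any `regsvr32 /s` target that is not a .dll or .ocx.

```python
import re

# Constructed `reg query` output for illustration; not captured from a real host.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    "C:\Program Files\Vendor\updater.exe" /background
    xkqpzt    REG_SZ    regsvr32.exe /s "%AllUsersProfile%\Application Data\dmahdqe.dat"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
    NoProtectedModeBanner    REG_DWORD    0x1

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1400    REG_DWORD    0x0
    2500    REG_DWORD    0x3
'''

RUN = r"\software\microsoft\windows\currentversion\run"
IE_MAIN = r"\software\microsoft\internet explorer\main"
ZONE3 = r"\software\microsoft\windows\currentversion\internet settings\zones\3"
SILENT = re.compile(r"(?:^|\s)/s(?:\s|$)", re.I)   # regsvr32 silent switch
TARGET_EXT = re.compile(r'\.(\w+)"?\s*$')          # extension of the last argument

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
        elif key and line.startswith("    "):
            # value lines are "name    TYPE    data", separated by four spaces
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                yield key, parts[0], parts[2]

def find_indicators(text):
    """Return (rule, value_name) pairs for the registry entries listed on this page."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if key.endswith(RUN) and "regsvr32" in data.lower() and SILENT.search(data):
            ext = TARGET_EXT.search(data)
            # regsvr32 normally registers .dll/.ocx files; a .dat target is suspect
            if ext and ext.group(1).lower() not in ("dll", "ocx"):
                hits.append(("run-regsvr32-non-dll", name))
        elif key.endswith(IE_MAIN) and name == "NoProtectedModeBanner" and data.lower() == "0x1":
            hits.append(("ie-protected-mode-banner-suppressed", name))
        # Zone 3 is the Internet zone; action 2500 set to 3 disables Protected Mode
        elif key.endswith(ZONE3) and name == "2500" and data.lower() == "0x3":
            hits.append(("ie-protected-mode-off-internet-zone", name))
    return hits
```

Because the Run value name is random, the rule matches on the value data rather than the name; a hit is a lead for investigation, not proof of infection.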

URLs

Trojan.Snifula may call the following URLs:

auramontofont.com
handelbarg.com
hramano.com
paleenkos.com
wellentarel.com
