NetTraveler

NetTraveler or TravNet is spyware that dates from 2004 and that has been actively used at least until 2016, infecting hundreds of often high-profile servers in dozens of countries. The name of this malware is based on the fact that early versions of it contained the string "NetTraveler is Running!". It is used by attackers for advanced persistent threats to survey their victims. It can transfer large amounts of private information from victims' systems to C&C servers, functioning as a trojan horse and backdoor to these systems.

Spear-phishing with Office documents, such as MS Word documents, is used to infect vulnerable systems, targeting the vulnerabilities. The attackers use news articles that are relevant to their targets for their spear phishing.

Kaspersky Lab found that certain victims that were infected with NetTraveler were also infected by Red October, although no direct relation with this malware was established. The multiple infections might be accounted for by the fact that these were high-profile victims like government agencies, nuclear power installations and embassies in dozens of countries. Specially targeted countries included Russia, India, Pakistan, Mongolia, Kyrgyzstan and Kazakhstan.

Command and Control servers that were involved in NetTraveler attacks were located in the United States, Hong Kong and China, and used more than 100 URLs. These C&C servers mostly ran IIS 6/7. According to Kaspersky Lab, NetTraveler is "used by a medium-sized threat actor group from China."

There are several ways to get rid of NetTraveler on an infected system, such as Virus Removal Tools and the SpyHunter Removal Tool. It is also possible to remove this malware manually.




External links


The NetTraveler (aka ‘Travnet’) by Global Research and Analysis Team of Kaspersky Lab