NetTraveler
NetTraveler or TravNet is spyware that dates from 2004 and was actively used at least until 2016, infecting hundreds of often high-profile servers in dozens of countries. The name of this malware comes from the fact that early versions of it contained the string "NetTraveler is Running!". Attackers use it in advanced persistent threats to survey their victims. It can transfer large amounts of private information from victims' systems to command and control (C&C) servers, functioning as a trojan horse and backdoor to these systems.

Spear-phishing with Office documents, such as MS Word documents, is used to infect vulnerable systems by targeting their vulnerabilities. The attackers use news articles that are relevant to their targets for their spear-phishing.

Kaspersky Lab found that certain victims infected with NetTraveler were also infected by Red October, although no direct relation with this malware was established. The multiple infections might be accounted for by the fact that these were high-profile victims like government agencies, nuclear power installations and embassies in dozens of countries. Specially targeted countries included Russia, India, Pakistan, Mongolia, Kyrgyzstan and Kazakhstan.

C&C servers involved in NetTraveler attacks were located in the United States, Hong Kong and China, and used more than 100 URLs. These C&C servers mostly ran IIS 6/7. According to Kaspersky Lab, NetTraveler is "used by a medium-sized threat actor group from China."

There are several ways to get rid of NetTraveler on an infected system, like with Virus Removal Tools and the SpyHunter Removal Tool. It is also possible to remove this malware manually.




External links


The NetTraveler (aka ‘Travnet’) by Global Research and Analysis Team of Kaspersky Lab