
NetTraveler

Posted: June 5, 2013

Threat Metric

Ranking: 1,943
Threat Level: 2/10
Infected PCs: 37,867
First Seen: June 11, 2013
Last Seen: October 16, 2023
OS(es) Affected: Windows

The aptly-named NetTraveler is a global spyware-based PC threat that already has stolen information from high-profile industrial and government targets throughout the world in a campaign that recently was revealed to be nearly a decade old. The latest NetTraveler attacks have focused on gathering specialized information regarding such topics as nanotechnology, energy and space exploration, but NetTraveler's capabilities are just as well-suited to stealing broad types of classified information from other areas. Since 2010, the confirmed number of NetTraveler infections has mounted, and these infections usually include other PC threats, such as Rocra/Red October Malware. As a sophisticated Trojan with in-depth defenses and attack functions, NetTraveler should be considered a high-level threat, and SpywareRemove.com malware researchers encourage both preventative security steps and reliance on good anti-malware software for removing NetTraveler infections as required.

NetTraveler: When Simple Theft Still is Effective Theft

NetTraveler, also known as Travnet, has been used to steal information from sensitive and ostensibly protected systems for years now. SpywareRemove.com malware experts were unsurprised to learn that NetTraveler uses targeted e-mail messages to distribute itself to new PCs – a common stratagem that similar PC threats like Stuxnet also use to infiltrate corporate and government computers that otherwise wouldn't be very vulnerable to attacks.

NetTraveler's e-mail message typically includes a text document that actually is a disguise for a Trojan dropper, which abuses the malware-beloved CVE-2010-3333 buffer overflow vulnerability to install NetTraveler automatically. File names for these documents usually reference Asian political topics, such as the Dalai Lama or Asian defense spending habits.
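
A triage heuristic for the delivery method described above, as an added example that is not part of the original article or any SpywareRemove.com tooling: CVE-2010-3333 is Microsoft Office's RTF stack buffer overflow, reached through the pFragments shape property, so the check flags attachments whose bytes are RTF and that carry that property. The function name, file names and sample bytes are constructed for illustration.

```python
import re

# Match the short "{\rt" prefix rather than the full "{\rtf1" header so that
# files with a malformed header are still recognised as RTF.
RTF_MAGIC = re.compile(rb"\s*\{\\rt")
# Shape property name tied to CVE-2010-3333: {\sp{\sn pFragments}{\sv ...}}
PFRAGMENTS = re.compile(rb"\{\s*\\sn\s+pFragments\s*\}", re.IGNORECASE)


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment deserves analyst review (heuristic)."""
    reasons = []
    if not RTF_MAGIC.match(data[:64]):
        return reasons  # not RTF content; outside the scope of this check
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext != "rtf":
        # Weak signal on its own: some benign exporters save RTF as .doc.
        reasons.append(f"RTF content behind .{ext or '(none)'} extension")
    if PFRAGMENTS.search(data):
        reasons.append("pFragments shape property present")
    return reasons


# Constructed samples: harmless byte strings, no exploit content.
SAMPLES = {
    "notes.rtf": rb"{\rtf1\ansi Meeting notes}",
    "budget.doc": rb"{\rtf1{\shp{\*\shpinst{\sp{\sn pFragments}{\sv PLACEHOLDER}}}}}",
    "photo.jpg": b"\xff\xd8\xff\xe0 constructed non-RTF bytes",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", triage_attachment(name, blob) or "no findings")
```

A hit is a reason to send the file for analysis, not a verdict, and RTF that splits or obfuscates its control words will not match plain byte patterns like these.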

There are not many good things to say about a NetTraveler infection, but one positive aspect is that NetTraveler is not equipped with rootkit features, unlike similar high-level PC threats. As such, anti-malware procedures and programs that are effective against backdoor Trojans and spyware should be ample defenses against NetTraveler, as well. SpywareRemove.com malware analysts have summarized some of NetTraveler's actual attack features as follows:

  • NetTraveler uses keylogging attacks to steal any typed data.
  • NetTraveler analyzes document and spreadsheet files (file types including DOC, PDF, PPT, XLS, etc.) and steals sensitive information from them. Some other files under attack include certain types of configuration files, AutoCAD projects and Corel Draw designs.
  • NetTraveler also utilizes a standard Command & Control server-based connection through a semi-robust network of (at this time) at least thirty separate servers. This connection can be used, in the style of backdoor Trojan infections, to conduct other attacks against a NetTraveler-compromised PC.

A NetTraveler Flight Chart of Crime

It must be stressed that NetTraveler is a global threat that has attacked computers in places as wide-ranging as China, the United States, Europe and Mongolia. The most frequently-hit targets appear to be situated in Asia, although SpywareRemove.com malware researchers must emphasize that the data collected so far merely is the 'tip of the iceberg,' and that further patterns on NetTraveler's attacks are likely to be forthcoming.

With the above caveat in mind, governments and diplomatic agencies make up slightly more than half of NetTraveler's confirmed targets so far. Although NetTraveler also is a threat to private PCs and has attacked meaningful numbers of such systems, SpywareRemove.com malware researchers especially warn that vulnerable government and business networks need to take relevant precautions against NetTraveler's e-mail-based spearhead attacks.

Since NetTraveler is a multi-component PC threat that makes significant changes to your PC and will strive to resist being found or deleted, you should use all qualified anti-malware applications that are available to remove NetTraveler.

Technical Details

Additional Information

The following URLs were detected:
funtoday.info