NetTraveler Isn’t Traveler

For fans of intercollegiate football, the name Traveler means one thing — the USC Trojans mascot.



NetTraveler is a horse of a different color — a trojan horse that is focused on stealing information. Kaspersky just reported its discovery of NetTraveler, malware that establishes Command & Control (C&C) servers on victims’ machines for the purpose of stealing information. NetTraveler has been quietly stealing information since 2004. Kaspersky calculates that there are over 22 gigabytes of stolen data on the NetTraveler C&C servers. Kaspersky observed that 22 gigabytes is only a small fraction of what was stolen because Kaspersky was unable to see what was previously downloaded and deleted from the C&C servers. NetTraveler has been stealing information related to aerospace, nanotechnology, nuclear power cells, lasers, drilling, manufacturing in extreme conditions, and radio wave weapons. This is the worldwide scope of the attacks:


How were these systems compromised? Spearphishing. Socially engineered emails were sent to targeted individuals with malicious Word attachments. When the attachment was opened, the C&C software was installed. Training materials uncovered by Kaspersky show that the attackers were paid bounty hunters — being paid for the systems they successfully compromised. The network of hackers using these attack tools is known to have over 80,000 members.

Spearphishing is successful because it targets the people who use the systems, not the systems themselves. At Iconix, our goal is to make this threat vector less effective. Spearphishers deceive employees into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext. 3, or use our online form.

Enjoy this video of Traveler:

