Travnet Trojan Compressing Files

Security researchers have discovered a new Trojan that compresses files before returning them to its remote server, allowing huge amounts of data to be stolen.

The Trojan, named ‘Travnet’, infects machines via email and returns information to its remote command and control server, including the computer name, IP address and configs. Once the Trojan has taken hold of the infected machine, it can steal a variety of file types including Office documents, PDFs and text files. By compressing these files, the Trojan can steal huge amounts of data at any one time.

The Trojan applies compression and data encoding before returning large volumes of documents to the command and control server. If compressed files are too large to be sent via HTTP, they can be sent in sections of 1024 bytes.
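The 1024-byte sectioning described above leaves a recognisable pattern in web proxy logs: one client repeatedly sending request bodies of exactly the same size to one host. The following is an added detection example, not code from the article or the researchers; the log format, host names, thresholds and the `find_chunked_uploads` helper are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CHUNK = 1024                    # section size reported in the article
MIN_RUN = 5                     # assumption: equal-size requests needed to flag
WINDOW = timedelta(minutes=5)   # assumption: look-back window

# Constructed sample log: timestamp client method host request_body_bytes
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 GET news.example.test 0
2024-01-01T10:00:01 10.0.0.5 POST c2.example.test 1024
2024-01-01T10:00:02 10.0.0.5 POST c2.example.test 1024
2024-01-01T10:00:03 10.0.0.9 POST files.example.test 1024
2024-01-01T10:00:03 10.0.0.5 POST c2.example.test 1024
2024-01-01T10:00:04 10.0.0.5 POST c2.example.test 1024
2024-01-01T10:00:05 10.0.0.9 POST files.example.test 48211
2024-01-01T10:00:05 10.0.0.5 POST c2.example.test 1024
2024-01-01T10:00:06 10.0.0.5 POST c2.example.test 1024
2024-01-01T10:00:07 10.0.0.5 POST c2.example.test 312
2024-01-01T10:00:09 10.0.0.9 POST files.example.test 1024
"""

def parse(line):
    ts, client, method, host, size = line.split()
    return datetime.fromisoformat(ts), client, method, host, int(size)

def find_chunked_uploads(log_text, chunk=CHUNK, min_run=MIN_RUN, window=WINDOW):
    """Return sorted (client, host, count) where a client sent at least
    min_run requests of exactly `chunk` body bytes to one host within window."""
    recent = defaultdict(list)   # (client, host) -> timestamps of chunk-sized requests
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, host, size = parse(line)
        if size != chunk:
            continue             # a shorter final section is ignored
        key = (client, host)
        recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
        if len(recent[key]) >= min_run:
            hits[key] = max(hits.get(key, 0), len(recent[key]))
    return sorted((c, h, n) for (c, h), n in hits.items())

if __name__ == "__main__":
    for client, host, count in find_chunked_uploads(SAMPLE_LOG):
        print(f"{client} -> {host}: {count} requests of {CHUNK} bytes")
```

Exact-size matching assumes the proxy records the request body size without headers; where it logs total bytes sent, compare against a narrow size band instead.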

The Trojan has been found to spread via email and appears to be targeting organisations in Russia.


