Latest IT Articles

Travnet Trojan Compressing Files

A new Trojan has been discovered by security researchers that compress files before returning them to their remote server, allowing for huge amounts of data to be stolen.

The Trojan, named ‘Travnet’ infects via email and returns information to its remote command and control server including data relating to the computer name, IP address and configs. Once the Trojan has taken hold of the infected machine it has the ability to steal a variety of file types including Office documents, PDFs and text files. By compressing these files the Trojan has the ability to steal huge amounts of data at any one time.

Compression and data encoding tactics are used before large volumes of documents are returned to the command and control server. If compressed files are too large to be sent via HTTP, they can be sent in sections of 1024bytes.

The Trojan has been exposed to be spread via email and appears to be targeting organisations in Russia.

Top

Call us 0333 370 2202

Or email us: [email protected]