{"id":24123,"date":"2013-04-23T17:25:28","date_gmt":"2013-04-24T00:25:28","guid":{"rendered":"http:\/\/blogs.mcafee.com\/?p=24123"},"modified":"2025-06-06T02:12:52","modified_gmt":"2025-06-06T09:12:52","slug":"travnet-botnet-steals-huge-amount-of-sensitive-data","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/","title":{"rendered":"Travnet Botnet Steals Huge Amount of Sensitive Data"},"content":{"rendered":"<p>In a <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/travnet-trojan-could-be-part-of-apt-campaign\">McAfee Labs blog <\/a>by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to analyze different samples and now classify Travnet as a botnet rather than a Trojan because of the presence of control code, and the malware&#8217;s ability to wait for further commands from the malicious control server.<\/p>\n<p>The Travnet bot not only steals sensitive information from a victim\u2019s machine; it also steals document files. Generally speaking, we store most of our sensitive information in Office files, PDFs, etc. Using data compression and data-encoding methods allows Travnet to steal huge amount of data including large files.<\/p>\n<p>The bot at first gathers sensitive information about victim\u2019s machine. Then searches for document files (doc, docx, xls, xlsx, txt, rtf, pdf). Here is snippet of code:<a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24124\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png\" alt=\"Travnet_source\" width=\"300\" height=\"268\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_source.png 730w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The preceding code includes computer name, IP address, username, operating system, list of running processes, IP config details, and information about different accounts present on the system. The malware creates the file system_t.dll to store this information in plain text. It also creates the file travelbackinfo-(SystemTime).dll, which will be used in an HTTP GET request.<\/p>\n<p>The data stored in the file can be huge, depending upon running processes and IP config details. The bot will use data compression and encoding methods to send the sensitive data to a remote server. The packet capture looks like this:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_GET_Request.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24125\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_GET_Request-300x130.png\" alt=\"Travnet_get_Request\" width=\"300\" height=\"130\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_GET_Request-300x130.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_GET_Request.png 830w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The bot sends the stolen data with the parameter \u201c&amp;filetext,\u201d which starts with \u201cbegin::.\u201d But the compressed file can be too big to send over the HTTP, so the bot sends the compressed file in chunks of 1,024 bytes. To track this, it uses the parameter \u201c&amp;filestart.\u201d The bot appends the string \u201c::end\u201d to signal the end of the file.<\/p>\n<h2><b>Data compression and encoding techniques<\/b><\/h2>\n<p>The bot processes the original data in two passes:<\/p>\n<ul>\n<li>In the first pass, it uses a data compression method similar to <a href=\"http:\/\/en.wikipedia.org\/wiki\/Lempel%E2%80%93Ziv%E2%80%93Storer%E2%80%93Szymanski\">LZSS<\/a> (Lempel\u2013Ziv\u2013Storer\u2013Szymanski) to compress the original data<\/li>\n<li>In the second pass, it encodes the compressed data using custom Base64<\/li>\n<\/ul>\n<h2><b>First pass data compression<br \/>\n<\/b><\/h2>\n<p>The bot&#8217;s data compression maintains a dictionary (a sliding window) of previously seen data that is similar to data compression with LZSS.<\/p>\n<p>The bot uses a similar method to maintain a large sliding window size (to achieve a high compression ratio) but outputs variable-length \u201cLength- Offset\u201d pairs (the number of bits required to represent the number). We have not seen yet any references or implementation that outputs variable lengths and variable offsets, so for now we will call this method a variant of the LZSS data compression algorithm.<\/p>\n<p>The bot starts compression by reading original data in chunks of 65,536 bytes (so it has to maintain sliding windows of this size). The final output of compression will be in chunks following this format:<\/p>\n<p>Original Length (2 bytes) + Compressed Length (2 bytes) + Compressed Data<\/p>\n<p>This method achieves a high compression ratio and reduces the size of the original data, allowing the bot to upload large files on the remote server. The decompression process is very easy to write because it does not need to search for the longest match but needs only to take care of variable-length values.<\/p>\n<h2><b>Second pass custom Base64 encoding<\/b><\/h2>\n<p>The Travnet bot uses custom Base64 encoding to encode the compressed binary data. The key and character set used in standard Base64 is \u201cABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+\/&#8221; with \u201c=\u201d used for padding; the key used by the bot is &#8220;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-\/&#8221; with \u201c*\u201d used for padding.<\/p>\n<p>We wrote a small tool to decompress the data stolen by Travnet.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/travnet_tool.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24128\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/travnet_tool-300x156.png\" alt=\"travnet_tool\" width=\"300\" height=\"156\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/travnet_tool-300x156.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/travnet_tool.png 647w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>As we look at the output, we see the size of the decompressed file (the original data) is much higher than that of the compressed file. Let\u2019s now look the decompressed data:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_decompressed_data1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24132\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_decompressed_data1-300x291.png\" alt=\"Travnet_decompressed_data\" width=\"300\" height=\"291\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_decompressed_data1-300x291.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_decompressed_data1-32x32.png 32w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_decompressed_data1.png 584w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The preceding is the original data stolen from the victim\u2019s machine. Interestingly, the unreadable characters in the decompressed file are in Chinese. While writing the sensitive information in a DLL file, the bot writes some hardcoded strings that are in Chinese. If we convert those strings to English, here is how the file looks:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_chinese_converted_data.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24134\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_chinese_converted_data-300x97.png\" alt=\"Travnet_chinese_converted_data\" width=\"300\" height=\"97\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_chinese_converted_data-300x97.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_chinese_converted_data.png 664w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2><b>Stealing files<\/b><\/h2>\n<p>The bot doesn\u2019t stop; it steals more data. Next we see the functions called by the bot:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_send_files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24139\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_send_files-300x115.png\" alt=\"Travnet_send_files\" width=\"300\" height=\"115\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_send_files-300x115.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_send_files.png 696w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>The bot will send the following:<\/p>\n<ul>\n<li>A file containing lists of all filenames on the system drives<\/li>\n<li>All files that have doc, docx, xls, xlsx, txt, rtf, and pdf extensions<\/li>\n<li>All files from victim\u2019s desktop<\/li>\n<\/ul>\n<p>Once it sends all the files to the remote server, the bot will go into sleep mode and wait for further commands.<\/p>\n<h2><b>Server commands<br \/>\n<\/b><\/h2>\n<ul>\n<li>UNINSTALL<\/li>\n<li>UPDATE<\/li>\n<li>RESET<\/li>\n<li>UPLOAD<\/li>\n<\/ul>\n<p>Next we see a command from the server telling the bot to upload more data:<a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_cnc_command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-24137\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_cnc_command-300x136.png\" alt=\"Travnet_cnc_command\" width=\"300\" height=\"136\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_cnc_command-300x136.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_cnc_command.png 313w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Although the botnet uses a simple mechanism to infect and steal information, a few elements make a Travnet botnet unique:<\/p>\n<ul>\n<li>Using lossless data compression to steal large data files<\/li>\n<li>Stealing documents files with extensions doc, docx, xls, xlsx, txt, rtf, and pdf<\/li>\n<li>Stealing all files on the system drives<\/li>\n<\/ul>\n<p>These unique features and the presence of Chinese strings lead us to conclude that the Travnet botnet may be a targeted attack for stealing sensitive data. We suspect the attackers are using the initial data&#8211;computer information, IP\u2019s&#8211;to steal sensitive data from a particular group or identity. We also believe that the data uploaded to malicious severs is actively monitored by the attackers. We have found new domains registered to carry out the attack. We believe that huge amounts of data have been stolen from victims whose machines were infected with Travnet.<\/p>\n<p>I would like to thank my colleagues Vikas Taneja, Anil Aphale, Arunpreet Singh, and Subrat Sarkar for their research and assistance.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet&#8230;.<\/p>\n","protected":false},"author":674,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[49,338],"coauthors":[3973],"class_list":["post-24123","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-botnet","tag-endpoint-protection"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Travnet Botnet Steals Huge Amount of Sensitive Data | McAfee Blog<\/title>\n<meta name=\"description\" content=\"In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Travnet Botnet Steals Huge Amount of Sensitive Data | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-04-24T00:25:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T09:12:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_source.png\" \/>\n\t<meta property=\"og:image:width\" content=\"730\" \/>\n\t<meta property=\"og:image:height\" content=\"653\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"McAfee\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/\"},\"author\":{\"name\":\"McAfee\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\"},\"headline\":\"Travnet Botnet Steals Huge Amount of Sensitive Data\",\"datePublished\":\"2013-04-24T00:25:28+00:00\",\"dateModified\":\"2025-06-06T09:12:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/\"},\"wordCount\":952,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png\",\"keywords\":[\"botnet\",\"endpoint protection\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/\",\"name\":\"Travnet Botnet Steals Huge Amount of Sensitive Data | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png\",\"datePublished\":\"2013-04-24T00:25:28+00:00\",\"dateModified\":\"2025-06-06T09:12:52+00:00\",\"description\":\"In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Travnet Botnet Steals Huge Amount of Sensitive Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa\",\"name\":\"McAfee\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png\",\"caption\":\"McAfee\"},\"description\":\"We're here to make life online safe and enjoyable for everyone.\",\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/x.com\/McAfee\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Travnet Botnet Steals Huge Amount of Sensitive Data | McAfee Blog","description":"In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Travnet Botnet Steals Huge Amount of Sensitive Data | McAfee Blog","og_description":"In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2013-04-24T00:25:28+00:00","article_modified_time":"2025-06-06T09:12:52+00:00","og_image":[{"width":730,"height":653,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2013\/04\/Travnet_source.png","type":"image\/png"}],"author":"McAfee","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/"},"author":{"name":"McAfee","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa"},"headline":"Travnet Botnet Steals Huge Amount of Sensitive Data","datePublished":"2013-04-24T00:25:28+00:00","dateModified":"2025-06-06T09:12:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/"},"wordCount":952,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png","keywords":["botnet","endpoint protection"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/","name":"Travnet Botnet Steals Huge Amount of Sensitive Data | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png","datePublished":"2013-04-24T00:25:28+00:00","dateModified":"2025-06-06T09:12:52+00:00","description":"In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2013\/04\/Travnet_source-300x268.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/travnet-botnet-steals-huge-amount-of-sensitive-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Travnet Botnet Steals Huge Amount of Sensitive Data"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/47851fdb92fad9456152405839c92efa","name":"McAfee","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/1ffadfeeda1f4f9e7891a81f27a9ecf4","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/08\/Original-Logo-96x96.png","caption":"McAfee"},"description":"We're here to make life online safe and enjoyable for everyone.","sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/x.com\/McAfee"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/24123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/674"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=24123"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/24123\/revisions"}],"predecessor-version":[{"id":215197,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/24123\/revisions\/215197"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=24123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=24123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=24123"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=24123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}