All the news
18.12 Dr.Web Light for Android updated to version 11.4.2
December 18, 2019
Specifically, an issue causing the application to terminate abnormally on some devices has been resolved.
If you downloaded the Dr. Web application to devices running Android 4.4 and later from Google Play, the updates will be downloaded and installed automatically. If automatic updates are disabled on your device, you need to go to Google Play, choose Dr.Web Light on the application list, and tap "Update".
The users of devices running Android 4.0 - 4.3 will need to download the application from our website.
13.12 Dr.Web Security Space for Android updated to version 12.5.1
December 13, 2019
Change log:
- An issue causing the application to terminate abnormally on some devices has been resolved;
- A problem causing the application to terminate abnormally on some devices while scanning has been resolved;
- An application crash problem that could occur on devices with large screens when the Anti-theft section was being opened has been fixed;
- Also resolved was an issue causing email and passwords to be deleted without removing the account information;
- A defect causing the application to terminate abnormally while the password prompt was being displayed has been corrected;
- A new version update prompt in the application is now displayed correctly;
- Scanning can now be stopped in centralised protection mode;
- The update also delivers minor application and UI tweaks.
If you downloaded the Dr. Web application from Google Play, the updates will be downloaded and installed automatically. If you’ve disabled automatic updating on your device, go to Google Play, select the Dr.Web Security Space or Dr.Web Security Space Life icon in the application list, and tap "Update”.
To update via the Doctor Web site, you need to download a new distribution file. If you’ve enabled the “New app version” option in the settings, a notification will be displayed whenever the virus databases are updated. You can start the download directly from this dialogue box.
13.12 Dr.Web Light 11.4.1 for Android released
December 13, 2019
New:
- The ability to unlock devices running Dr.Web Security Space for Android using the new component Notifications from Friends;
- A new notification channel added – “Notifications from Friends”; and
- The ability to disable program scan notifications in the application settings added;
- Support for 64-bit architecture added.
- The update also delivers minor tweaks and improvements.
If you downloaded the Dr. Web application to devices running Android 4.4 and later from Google Play, the updates will be downloaded and installed automatically. If automatic updates are disabled on your device, you need to go to Google Play, choose Dr.Web Light on the application list, and tap "Update".
The users of devices running Android 4.0 - 4.3 will need to download the product from our website.
Your Android needs protection.
Use Dr.Web
- The first Russian anti-virus for Android
- Over 140 million downloads—just from Google Play
- Available free of charge for users of Dr.Web home products
12.12 Components updated in Dr.Web 11.1 products for Unix
December 12, 2019
Changes made to Dr.Web Anti-virus 11.1 for Unix Mail Servers, Dr.Web Anti-virus 11.1 for Unix Server, Dr.Web Anti-virus 11.1 for Internet gateways Unix, and Dr.Web Anti-virus 11.1 for Linux.
drweb-meshd:
- Performance of all components has been optimised.
drweb-esagent:
- Centralised scan statistics can now be sent;
- A wider range of options for work through the Control Center of Dr.Web Enterprise Security Suite is now available.
Changes made to Dr.Web Anti-virus 11.1 for Unix Mail Servers, Dr.Web Anti-virus 11.1 for Internet gateways Unix, and Dr.Web Anti-virus 11.1 for Linux.
drweb-firewall:
- The component performance (with a large number of users in a group) has been improved.
Changes made to Dr.Web Anti-virus 11.1 for Unix Mail Servers, Dr.Web Anti-virus 11.1 for Unix Server, and Dr.Web Anti-virus 11.1 for Internet gateways Unix:
drweb-httpd-webconsole:
- An issue preventing users from changing the language of the web console (if Mozilla Firefox language is Japanese) has been resolved.
The update is performed via the Dr.Web repository. If you encounter any problems when updating, please use the instructions from our previous news post to specify the additional repository for the Dr.Web software you use.
12.12 Agent software updated in Dr.Web Enterprise Security Suite 12.0
December 12, 2019
Changes made to amsi-client:
- An issue that could cause a process running the AMSI-client code to terminate abnormally has been resolved.
- A problem causing the module to terminate abnormally while the Dr.Web Firewall Service was being started on computers running Windows XP SP2 has been fixed.
Dr.Web Control Service:
- An issue preventing file owner information from being transmitted to the server while scanning the host with Dr.Web Scanner SE has been resolved.
- The option to block network access while a host is being scanned (if the scan is initiated via the Control Center) now works properly.
- Issues preventing sysinfo reports from being generated when no Temp directory is found in the Windows folder have been resolved.
- Agent removal issues have been addressed. The DEINSTALLED signal is now transmitted to the server without errors;
- Product recovery problems have been fixed.
Changes made to the ES Service:
- An issue causing incorrect scanner run time to be transmitted to the server has been resolved;
- The file size limit for multicast updates has been removed;
- An issue causing incorrect move time for quarantined files to be sent to the server has been resolved;
- Also resolved was an issue preventing the agent from switching to another server after access to a higher priority server has been denied;
- Application control issues have been addressed;
- Also resolved was an issue preventing the USERLOGON signal from being sent to the server.
- A problem preventing the server from displaying correct information about agent components has been fixed;
- Information about code 21 events is no longer transmitted to the server as the data about preventive protection incidents;
- Also resolved was an issue involving incorrect agent status information in the Control Center.
Changes made to the Dr.Web SpIDer Agent for Windows:
- The firewall rule list now loads faster. A notification icon is displayed while the table content loads.
- Language module and install-notifier.exe version information is now displayed in the About window;
- The repository update in progress notification is now available for the server.
- An issue preventing application control notifications from being displayed correctly has been resolved.
Changes made to Lua-script main and Lua-script for spider-agent:
- The SpIDer Agent item in the Start menu has been changed to Security Center.
Changes made to Lua-script for es-service:
- ES Service exceptions are now applied to all Windows Firewall profiles.
The update will be performed automatically; however, a system reboot will be required.
12.12 Components updated in Dr.Web 11.5 products for Windows
December 12, 2019
Changes made to the Dr.Web Control Service:
- An issue that could prevent devices from being added to the Allowed list has been resolved.
The update will be performed automatically; however, a system reboot will be required.
12.12 Components updated in Dr.Web Enterprise Security Suite 11.0
December 12, 2019
Changes made to the Dr.Web Control Service:
- An issue that could prevent devices from being added to the Allowed list has been resolved.
The update will be performed automatically; however, a system reboot will be required.
11.12 Doctor Web’s November 2019 virus activity review
December 11, 2019
In November, Doctor Web server statistics confirmed a 3.66% growth in the number of the detected threats as compared with October. The number of unique threats grew by 9.59%. As for email traffic, the most common threats exploited MS Office vulnerabilities. There was also a large number of trojan downloaders and stealers. Adware made up the majority of detected threats. Last month, we also found new Android malware on Google Play. The list featured a dangerous backdoor, trojan adware, and trojans that subscribed users to paid services.
PRINCIPAL TRENDS IN NOVEMBER
- Growth in malware spreading activity
- A decline in ransomware activity
According to Doctor Web statistics servers
Threats of this month:
- Adware.Elemental.14
- Detects adware downloaded from file sharing services because of link spoofing. Instead of normal files, victims get applications that display advertising and install unwanted software.
- Adware.SweetLabs.2
- Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
- Adware.Downware.19627
- Adware that often serves as an intermediary installer of pirate software.
- Adware.Ubar.13
- A torrent client that installs unwanted software on devices.
- Trojan.InstallCore.3553
- Another notorious adware installer. It displays ad banners and installs software without users’ permission.
Statistics for malware discovered in email traffic
- Exploit.Rtf.CVE2012-0158
- Modified Microsoft Office document. Exploits CVE2012-0158 vulnerability in order to run malicious code.
- W97M.DownLoader.2938
- A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
- PDF.Phisher.115
- A PDF document used in phishing newsletters.
- Exploit.ShellCode.69
- A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
- Trojan.PWS.Stealer.23680
- A family of Trojans designed to steal passwords and other confidential information stored on an infected computer.
Encoders
In November, Doctor Web’s technical support service was most commonly dealing with the following trojan encoders:
- Trojan.Encoder.26996 — 34.31%
Trojan.Encoder.858 — 10.42%- Trojan.Encoder.567 — 3.19%
- Trojan.Encoder.28004 — 3.06%
- Trojan.Encoder.10700 — 2.08%
Dr.Web Security Space for Windows protects you from trojan encoders
Dangerous websites
In November 2019, Doctor Web added 162,581 URLs to the Dr.Web database of non-recommended websites.
| October 2019 | November 2019 | Dynamics |
|---|---|---|
| + 254 849 | + 162,581 | - 36.2% |
Malicious and unwanted programs for mobile devices
In November, we detected new malware on Google Play. Again, users were targeted by the trojan adware of the
Doctor Web virus analysts also detected a new version of the
The following November events relating to mobile malware are the most noteworthy:
- detection of new threats on Google Play.
Find out more about malicious and unwanted programs for mobile devices in our special overview.
Learn more with Dr.Web
December 11, 2019
11.12 Doctor Web’s overview of mobile malware detected in November 2019
December 11, 2019
This November, Doctor Web virus analysts detected a number of new threats on Google Play. The list included new modifications to trojans of the
PRINCIPAL TREND IN NOVEMBER
- Malicious software appearing on Google Play
Mobile threat of the month
In November, Doctor Web experts detected a new modification to the
According to statistics collected by Dr.Web for Android
Android.Backdoor .682.origin- A trojan that executes cybercriminals’ commands and helps them control infected mobile devices.
Android.DownLoader .677.origin- A downloader of other malicious software.
Android.Triada .481.origin- A multi-functional trojan that performs various malicious actions.
Android.MobiDash.4006 - Trojan code that displays obnoxious advertising.
Android.RemoteCode .197.origin- A malicious application that downloads and executes arbitrary code.
- Program.FakeAntiVirus.2.origin
Detects adware that imitates anti-virus software. - Program.RiskMarket.1.origin
An app store that contains trojan software and recommends that users install it. - Program.HighScore.3.origin
An app store that invites users to install free Google Play apps by paying for them via expensive text messages. Program.MonitorMinor .1.originProgram.MobileTool .2.origin
Spyware that monitors activities of Android users and may serve as a tool for cyber espionage.
Tool.SilentInstaller .6.originTool.SilentInstaller .7.originTool.SilentInstaller .11.originTool.VirtualApk .1.origin
A riskware platform that allows applications to launch APK files without installing them.- Tool.Rooter.3
A utility designed to obtain root privileges on Android devices. It may be used by cybercriminals and malware.
Program modules that incorporate themselves into Android applications and display obnoxious ads on mobile devices:
- Adware.Dowgin.5.origin
- Adware.Toofan.1.origin
- Adware.BrowserAd.1
- Adware.Myteam.2.origin
- Adware.Altamob.1.origin
Trojans on Google Play
Last month, Doctor Web virus analysts detected a number of new modifications to trojans from the
We also detected the new trojan adware,
To protect your Android device from malware and unwanted programs, we recommend you install Dr.Web for Android.
Your Android needs protection.
Use Dr.Web
- The first Russian anti-virus for Android
- Over 140 million downloads—just from Google Play
- Available free of charge for users of Dr.Web home products
11.12 Adware, encoder activity, and other events of November 2019
December 11, 2019
09.12 Components updated in Dr.Web 11.1 products for Unix-like systems
December 9, 2019
Specifically, it speeds up the database loading process for faster scan query processing.
The update is performed via the Dr.Web repository. If you encounter any problems when updating, please use the instructions from our previous news post to specify the additional repository for the Dr.Web software you use.
03.12 Components updated in Dr.Web 12.0 products for Windows
December 3, 2019
Changes made to the Dr.Web SpIDer Agent for Windows:
- The firewall rule list now loads faster. A notification icon is displayed while the table content loads.
Changes made to the Dr.Web Control Service:
- Issues preventing sysinfo reports from being generated when no Temp directory is found in the Windows folder have been resolved.
Changes made to Dr.Web Updater:
- The module's routines for interacting with updating severs have been optimised.
Changes made to Dr.Web Security Space, Anti-virus for Windows, Anti-virus for Windows servers setup:
- Some UI texts in certain languages have been updated.
Changes made to Lua-script main 12.5.2.10140, Lua-script for spider-agent:
- The SpIDer Agent item in the Start menu has been changed to Security Center.
The update will be performed automatically; however, a system reboot will be required.
02.12 Dr.Web Security Space for Android updated to version 12.5.0
December 2, 2019
New:
- The Anti-theft component can now use push notifications;
- In the Google Play version of the application, the Call and SMS filter component has been changed to Call Filter;
- The new version changes the way the application handles root permissions;
- The ability to disable program scan notifications in the application settings added;
- The ability to connect to servers using self-signed certificates;
- The Administration component now supports all Android versions in a centralised protection mode;
- Application version 15.5.0 operates differently regarding administrator permissions;
- Support for 64-bit architecture added;
- Ping queries now pass through the firewall;
- A new notification channel added Notifications from Friends ; and
- The updated version also incorporates UI tweaks and fixes for known defects.
If you downloaded the Dr. Web application from Google Play, the updates will be downloaded and installed automatically. If you ve disabled automatic updates, go to Google Play, select the Dr.Web Security Space or Dr.Web Security Space Life icon in the application list, and tap "Update.
To update via the Doctor Web site, you need to download a new distribution file. If you ve enabled the New app version option in the settings, a notification will be displayed whenever the virus databases are updated. You can begin the download directly from this dialogue box.
A note for Dr. Web Anti-virus service subscribers who use Dr. Web Security Space for Android: installing the updated version will not overwrite your previous installation. You will need to remove the earlier version manually after the update has been installed.
28.11 Dr.Web Enterprise Security Suite 12.0 Server Update
November 28, 2019
Change log:
- An issue preventing devices from being blocked if multiple device classes or buses were indicated simultaneously has been resolved;
- A defect preventing version 11 of Dr. Web server software from being upgraded to version 12 if MySQL or MariaDB was also being used as a database server has been corrected;
- A server error that occurred while hosts or host groups were being compared in the Control Center has been fixed;
- An issue that stopped the server software from being updated if var-root and home-root directories were located on different partitions has been eliminated;
- A problem preventing items on the Office Control class block list from being removed properly has been eliminated;
- An error that, under certain circumstances, interfered with Dr. Web software updates on protected hosts has been fixed.
The server software can be updated via the Dr. Web Global Update System.
25.11 Dr.Web Office Shield beta testing is underway
November 25, 2019
The Dr.Web Office Shield operates as a gateway between local mail servers and untrusted networks. The distribution is based on Ubutnu 18.04 (Bionic) and uses Linux kernel 4.15, while the Dr.Web Mail Security Suite 11.1 facilitates anti-spam and malware filtering.
With the Dr.Web Office Shield you can:
- Scan inbound SMTP traffic for malware and neutralise it;
- Filter spam and dubious content;
- Block attachments by file type;
- Receive up-to-date information from logs and the monitoring panel; and
- View statistics.
An OVA image is used to deploy the Dr.Web Office Shield in a virtual environment, while a web interface is used to configure and control the solution.
Doctor Web invites all Dr.Web community members to participate in the Dr.Web Office Shield beta-testing. Testers whose advice and comments prove to be most helpful in improving the product will receive gifts from Doctor Web. Please note that registration is required to access the beta-testing section.
Important! This beta version is not the final version of the new Dr. Web Office Shield. The product is being tested prior to its release and the final version may differ from the beta release.
22.11 Components updated in Dr.Web 11.1 products for Unix-like systems
November 22, 2019
Changes affecting Dr.Web Anti-virus 11.1 for Unix Mail Servers, Dr.Web Anti-virus 11.1 for Linux, Dr.Web Anti-virus 11.1 for Unix Server and Dr.Web Anti-virus 11.1 for Internet gateways Unix.
drweb-statd:
- The update eliminates a database rotation problem that occurred while messages with multiple attachments were being scanned.
Changes affecting Dr.Web Anti-virus 11.1 for Unix Mail Servers and Dr.Web Anti-virus 11.1 for Linux
drweb-maild:
- An issue preventing temporary files from being deleted has been eliminated.
The update is performed via the Dr.Web repository. If you encounter any problems when updating, please use the instructions from our previous news post to specify the additional repository for the Dr.Web software you use.
20.11 Agent software updated in Dr.Web Enterprise Security Suite 11.0
November 20, 2019
Changes made to the Dr.Web Net filtering Service:
- Problems occurring when the Mikrotik routers' web interface was being accessed have been fixed.
- An issue preventing the Your Phone application on Windows 10 PCs from establishing a connection to Android devices has been resolved;
- An issue preventing the service from being started on computers running Windows Vista x64 has been resolved.
Changes made to Lua-script for antispam:
- An issue causing the anti-virus setup to freeze while the anti-spam was being installed has been eliminated.
Changes made to Dr.Web Updater:
- Updating routines have been optimised.
Changes made to DwService::
- Also eliminated was a problem that prevented REBOOTSYSTEM messages in Cyrillic font from being displayed correctly.
The update will be performed automatically; however, a system reboot will be required.
19.11 Dr.Web Anti-rootkit API updated in Dr.Web 12.0 products for Windows
November 19, 2019
Specifically, it improves anti-rootkit detection and neutralisation routines.
The update will be downloaded and installed automatically.
19.11 Dr.Web CureIt! updated
November 19, 2019
Specifically, threat detection and neutralisation routines have been enhanced.
18.11 Dr.Web Virus-Finding Engine updated
November 18, 2019
The update fixes signature-extraction errors and resolves data-processing issues affecting the following executable file formats: CRX, AHK, SQUASHFS, ULTRAPROTECT, PE-files with double headers (UPX for ARMADILLO), ASPROTECT and FLY-CODE.
Dr.Web Virus-Finding Engine has been updated in the following products:
- Dr.Web 9/10/11.0/11.1 for macOS
- Dr.Web 6/11.0/11.1 for Unix Server
- Dr.Web 6/11.0/11.1 for Unix Mail Servers
- Dr.Web Anti-virus 6/11.0/11.1 for Internet gateways Unix
- Dr.Web Anti-virus 6/11.0/11.1 for Linux
- Dr.Web Security Space 7/8/9/10/11.0/11.5/12
- Dr.Web Anti-virus 7/8/9/10/11.0/11.5/12 for Windows
- Dr.Web 7/8/10/11.0/11.5/12 for Windows Servers
- Dr.Web 10/11/11.5/12 for MS Exchange
- Dr.Web 10/11.0/11.5/12 for M Lotus Domino (version for Windows)
- Dr.Web 6.0 for IBM Lotus Domino (Linux-version)
- Dr.Web AV-Desk 10.00.1/10.01.0
- Dr.Web ATM Shield 6
- Dr.Web Enterprise Security Suite 10.00.0/10.00.1/10.01.0/11.00/12.0 (Windows)
- Dr.Web 6 for MIMEsweeper
- Dr.Web LiveCD 9
- Dr.Web for Novell NetWare 7
- Dr.Web 6.0 for Qbik WinGate
- Dr.Web 6.0 for for Trafficinspector
- Dr.Web CureNet! 10/11
- Dr.Web 11.0 for Microsoft ISA Server and Forefront TMG
- Dr.Web 6.0 for Kerio mail servers (Windows)
- Dr.Web 11.1 for Kerio mail servers (Linux)
- Dr.Web 6.0 for Internet gateways Kerio (Windows)
- Dr.Web 11.0/11.1 for Internet gateways Kerio (Linux)
The update will be downloaded and installed automatically.
14.11 Dr.Web vxCube updated to version 1.4.10
November 14, 2019
Changes made to the analysis service:
- The causes behind possible analysis and detection errors have been eliminated.
- Analysis report formatting errors have been fixed.
- Issues that could occur while a Dr.Web CureIt! build was being generated have been resolved.
To purchase a license, please contact our sales support service.
With a Dr.Web vxCube trial license, available here, you can examine 10 objects in 10 days.
14.11 New anti-spam library in Dr.Web 11.1 for Unix-like systems
November 14, 2019
In addition to the libvaderetro library, the aforementionedDr.Web 11.1 products will now use *.kwo update files to maintain their anti-spam functionality.
To make full use of LivePatch, install the latest versions of the software with up-to-date components from the official Dr.Web repository or download the corresponding run-packages from Doctor Web's site.
14.11 Components updated in Dr.Web KATANA 1.0
November 14, 2019
Changes made to Dr.Web Protection for Windows:
- Adjustments have been made to ensure compatibility with Windows 10 Redstone 6.
Changes made to the Dr.Web Shellguard anti-exploit module:
- An issue causing anti-exploit module false positives to occur while MS Office 2019 and the Office Tab 13.0 plugin or Habel software were in use has been fixed.
Changes made to Dr.Web Anti-rootkit API:
- Enhanced threat detection and neutralisation routines.
The update will be performed automatically; however, a system reboot will be required.
14.11 Dr.Web Agent for Active Directory in Dr.Web Enterprise Security Suite 12.0 updated
November 14, 2019
Specifically, it eliminates an issue that caused an Active Directory policy to repeatedly attempt to install the Agent software on computers where the agent had already been installed
The update will be downloaded and installed automatically.
