November 13, 2019
In October, Dr.Web server statistics showed an increase in the total number of threats compared to September. The number of unique threats dropped by 6.86%. The most common threat in email traffic was malware that exploits vulnerabilities in Microsoft Office documents, as well as phishing newsletters. A password stealing trojan topped the list of detected malware and unwanted software, but adware still makes up the majority of all threats.
Principal trends in October
- A drop in spreading activity of unique malware
- An upturn in encoder activity
According to Doctor Web’s statistics servers
Threats of this month:
- Trojan.PWS.Siggen2.34629
- A trojan designed to steal passwords.
- Adware.Elemental.14
- Detects adware downloaded from file sharing services because of link spoofing. Instead of normal files, victims get applications that display advertising as well as install unwanted software.
- Adware.SweetLabs.2
- Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
- Adware.Softobase.15
- An installer that distributes outdated software. It changes browser settings.
- Adware.Ubar.13
- A torrent client that installs unwanted software on devices.
- Trojan.InstallCore.3553
- Another notorious adware installer. It displays ad banners and installs software without users’ permission.
Statistics for malware discovered in email traffic
- Exploit.Rtf.CVE2012-0158
- A modified Microsoft Office Word document that exploits the CVE2012-0158 vulnerability to execute malicious code.
- W97M.DownLoader.2938
- A modified Microsoft Office Word document that exploits the CVE2012-0158 vulnerability to execute malicious code.
- PDF.Phisher.115
- A PDF document used in phishing newsletters.
- Exploit.ShellCode.69
- A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
- Trojan.PWS.Siggen2.34629
- A trojan designed to steal passwords.
- Trojan.PWS.Stealer.19347
- A family of trojans designed to steal passwords and other confidential information stored on an infected computer.
Encoders
In October, cases involving the following trojan encoders were most commonly registered by Doctor Web’s technical support service:
- Trojan.Encoder.858 — 16.34%
- Trojan.Encoder.10700 — 6.27%
- Trojan.Encoder.29750 — 2.81%
- Trojan.Encoder.11539 — 2.64%
- Trojan.Encoder.25574 — 2.64%
- ACCDFISA v2 — 2.48%
- Trojan.Encoder.11464 — 2.15%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In October 2019, the database of non-recommended and malicious websites was updated with 254,849 webpages.
| September 2019 | October 2019 | Dynamics |
|---|---|---|
| + 238 637 | + 254 849 | + 6.79% |
Malicious and unwanted programs for mobile devices
Last month, Doctor Web virus analysts revealed a number of threats on Google Play. They included clicker trojans from the Android.Clickfamily that subscribed users to premium services. Cybercriminals also distributed the Android.HiddenAds trojan adware and the Android.SmsSpy, malware that hooked incoming text messages. In October, our experts detected new modifications to the Android.Joker trojan family. They were able to execute arbitrary code at cybercriminals’ command and clandestinely subscribe victims to costly mobile services.
The most noticeable October event related to mobile malware:
- rapid distribution of malware on Google Play.
Find out more about malicious and unwanted programs for mobile devices in our special overview.
