December 11, 2019
In November, Doctor Web server statistics confirmed a 3.66% growth in the number of detected threats compared with October. The number of unique threats grew by 9.59%. In email traffic, the most common threats exploited MS Office vulnerabilities. There was also a large number of trojan downloaders and stealers. Adware made up the majority of detected threats. Last month, we also found new Android malware on Google Play. The list featured a dangerous backdoor, trojan adware, and trojans that subscribed users to paid services.
PRINCIPAL TRENDS IN NOVEMBER
- Growth in malware spreading activity
- A decline in ransomware activity
According to Doctor Web's statistics servers
Threats of this month:
- Adware.Elemental.14
  - Detects adware downloaded from file sharing services as a result of link spoofing. Instead of normal files, victims get applications that display advertising and install unwanted software.
- Adware.SweetLabs.2
  - An alternative app store and add-on for the Windows GUI from the creators of Adware.Opencandy.
- Adware.Downware.19627
  - Adware that often serves as an intermediary installer of pirated software.
- Adware.Ubar.13
  - A torrent client that installs unwanted software on devices.
- Trojan.InstallCore.3553
  - Another notorious adware installer. It displays ad banners and installs software without users’ permission.
Statistics for malware discovered in email traffic
- Exploit.Rtf.CVE2012-0158
  - A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
- W97M.DownLoader.2938
  - A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
- PDF.Phisher.115
  - A PDF document used in phishing newsletters.
- Exploit.ShellCode.69
  - A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
- Trojan.PWS.Stealer.23680
  - A family of trojans designed to steal passwords and other confidential information stored on an infected computer.
Encoders
In November, Doctor Web’s technical support service most often dealt with the following trojan encoders:
- Trojan.Encoder.26996 — 34.31%
- Trojan.Encoder.858 — 10.42%
- Trojan.Encoder.567 — 3.19%
- Trojan.Encoder.28004 — 3.06%
- Trojan.Encoder.10700 — 2.08%
Dr.Web Security Space for Windows protects you from trojan encoders
Dangerous websites
In November 2019, Doctor Web added 162,581 URLs to the Dr.Web database of non-recommended websites.
| October 2019 | November 2019 | Dynamics |
|---|---|---|
| +254,849 | +162,581 | -36.2% |
Malicious and unwanted programs for mobile devices
In November, we detected new malware on Google Play. Again, users were targeted by trojan adware of the Android.HiddenAds family, which displayed obnoxious banners and interfered with normal use of Android devices. Apart from that, cybercriminals were spreading malware of the Android.Joker family. These trojans spy on victims and subscribe them to paid services, while some modifications can execute arbitrary code and launch extra malicious modules.
Doctor Web virus analysts also detected a new version of the Android.Backdoor.735.origin backdoor, which executes commands from cybercriminals and is designed as spyware.
The following November events relating to mobile malware are the most noteworthy:
- detection of new threats on Google Play.
Find out more about malicious and unwanted programs for mobile devices in our special overview.