Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s November 2019 virus activity review

December 11, 2019

In November, Doctor Web server statistics confirmed a 3.66% growth in the number of the detected threats as compared with October. The number of unique threats grew by 9.59%. As for email traffic, the most common threats exploited MS Office vulnerabilities. There was also a large number of trojan downloaders and stealers. Adware made up the majority of detected threats. Last month, we also found new Android malware on Google Play. The list featured a dangerous backdoor, trojan adware, and trojans that subscribed users to paid services.

PRINCIPAL TRENDS IN NOVEMBER

  • Growth in malware spreading activity
  • A decline in ransomware activity

According to Doctor Web statistics servers

According to Doctor Web statistics servers #drweb

Threats of this month:

Adware.Elemental.14
Detects adware downloaded from file sharing services because of link spoofing. Instead of normal files, victims get applications that display advertising and install unwanted software.
Adware.SweetLabs.2
Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
Adware.Downware.19627
Adware that often serves as an intermediary installer of pirate software.
Adware.Ubar.13
A torrent client that installs unwanted software on devices.
Trojan.InstallCore.3553
Another notorious adware installer. It displays ad banners and installs software without users’ permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Exploit.Rtf.CVE2012-0158
Modified Microsoft Office document. Exploits CVE2012-0158 vulnerability in order to run malicious code.
W97M.DownLoader.2938
A family of downloader trojans that exploit vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
PDF.Phisher.115
A PDF document used in phishing newsletters.
Exploit.ShellCode.69
A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
Trojan.PWS.Stealer.23680
A family of Trojans designed to steal passwords and other confidential information stored on an infected computer.

Encoders

In November, Doctor Web’s technical support service was most commonly dealing with the following trojan encoders:

Encoders #drweb

Dangerous websites

In November 2019, Doctor Web added 162,581 URLs to the Dr.Web database of non-recommended websites.

October 2019 November 2019 Dynamics
+ 254 849 + 162,581 - 36.2%

Malicious and unwanted programs for mobile devices

In November, we detected new malware on Google Play. Again, users were targeted by the trojan adware of the Android.HiddenAds family that displayed obnoxious banners and interfered with the normal work with Android devices. Apart from that, cybercriminals were spreading the malware of the Android.Joker family. These trojans spy on victims and subscribe them to paid services; while some modifications can execute arbitrary code and launch extra malicious modules.

Doctor Web virus analysts also detected a new version of the Android.Backdoor.735.origin backdoor that executes cybercriminal commands and is designed as spyware.

The following November events relating to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2020

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124