My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s July 2016 virus activity review

July 29, 2016

July is traditionally considered a quiet month in terms of information security. Thus, in most cases, our specialists detected modifications of already-known threats. For example, at the beginning of July, we added to our virus database yet another signature for Linux.Encoder.4, which works in Linux operating systems. Judging by information posted on one foreign blog, this Trojan was the result of a student research project, and it was not being spread in the wild.

In the end of July, our security researchers registered the emergence of Trojan.MulDrop6.48664—a dropper Trojan that installs the infamous BackDoor.TeamViewer.49 on computers. (For more details about BackDoor.TeamViewer.49, refer to this news article.) However, this time, hackers disguised the dropper as a questionnaire application that was allegedly being distributed by a popular Russian airline.

screen BackDoor.TeamViewer.49 #drweb


  • Dangerous encryption ransomware for Linux
  • Distribution of a dropper Trojan for Windows
  • New malicious programs for Android

According to statistics collected by Dr.Web CureIt!

According to statistics collected by Dr.Web CureIt! #drweb

According to Doctor Web statistics servers

According to Doctor Web statistics servers #drweb

Statistics concerning malicious programs discovered in email traffic

Statistics concerning malicious programs discovered in email traffic #drweb

Encryption ransomware

Encryption ransomware #drweb

Dr.Web Security Space 11.0 for Windows
protects against encryption ransomware

This feature is not available in Dr.Web Anti-virus for Windows.

Data Loss Prevention
Preventive ProtectionData Loss Prevention

Dangerous websites

During July 2016, 139,803 URLs were added to the Dr.Web database of non-recommended websites.

June 2016July 2016Dynamics

Currently, Doctor Web is revising the databases of Dr.Web SpIDer Gate and Parental Control to remove links to non-operational or non-existent websites, which will reduce the number of files downloaded to user computers. That is why the number of URLs for non-recommended websites decreased considerably in July.

Non-recommended websites

Malicious and unwanted programs for mobile devices

In July, Doctor Web specialists discovered over 150 applications on Google Play that contain an adware Trojan named Android.Spy.305.origin. The Trojan can display ads on top of running applications and on the status bar, and steal private information. In addition, the past month was marked by the emergence of Android.Spy.178.origin, the Trojan incorporated into a modification of the popular game—Pokémon Go. Criminals used this Trojan to gain access to confidential user data.

Among the most notable July events related to mobile malware:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

Learn more with Dr.Web

Virus statistics Virus descriptions Virus monthly reviews