Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s February 2019 virus activity review

March 1, 2019

In February Dr.Web’s statistics showed a 9.73% decrease in the number of unique threats compared to January. Malware activity this month barely topped the numbers of December 2018, but for some threats there are clear dynamics. For example, the activity of the JS.Miner.28 which had been increasing in January, continued to grow and finally outperformed its competitor - JS.Miner.11. At the same time, Trojan.Starter.7394 grew by 14.29% compared to January, when Trojan.DownLoader26.28109 on the other hand, had a three-fold decrease in the number of detected threats. Additionally, the amount of URLs added to Dr.Web’s database of non-recommended and dangerous websites decreased by 1.68%. And the technical support statistics registered a decrease in the number of applications submitted by the ransomware victims.

Principal trends in February

  • Decreased number of threats found in email traffic
  • Spike of activity among adware, torrent clients and unwanted programs

According to Doctor Web’s statistics servers

According to Dr.Web Anti-virus statistics

Threat of the month:

Adware.Softobase.12
Installation adware that spreads outdated software and changes the browser’s settings. Installation adware that spreads outdated software and changes the browser’s settings.
Adware.Ubar.13
A torrent client designed to install unwanted programs on a user’s device.
Trojan.Starter.7394
Trojan designed for launching other malicious software on a victim’s device.
Adware.Downware.19283
The sort of adware that is usually distributed as an installer for pirated software. Upon installation, it changes a browser’s settings and may install other software without asking for the user’s permission. The sort of adware that is usually distributed as an installer for pirated software. Upon installation, it changes a browser’s settings and may install other software without asking for the user’s permission.
Trojan.MulDrop8.60634
Install—install the Trojan Installs malware in a system. All the components necessary for installation are usually stored inside the MulDrop itself.

Decreased amount of threats from:

Trojan.Encoder.11432
Infamous ransomware also known as WannaCry. Blocks access to users’ data by encrypting it and demanding payment for decrypting the data.
Trojan.DownLoader26.28109
Downloads and runs malicious software without the user’s permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

JS.DownLoader.1225
A family of malicious JavaScripts. They download and install malicious software on a computer.
W97M.DownLoader.2938
A family of downloader Trojans that exploit vulnerabilities in office applications. Designed for downloading other malware to a compromised computer.
Exploit.ShellCode.69
Another malicious Microsoft Office Word document. This one uses vulnerability called CVE-2017-11882. Использует vulnerability CVE-2017-11882.
Exploit.Rtf.CVE2012-0158
Modified Microsoft Office document. Exploits CVE2012-0158 vulnerability in order to run malicious code.
JS.Miner.28
JavaScript miner called «CryptoLoot». Its purpose is to mine the Monero cryptocurrency in a browser without asking for the user’s permission. Often used as an alternative to the CoinHive miner.
Trojan.PWS.Stealer.23680
A family of Trojans designed to steal passwords and other confidential information stored on an infected computer.

Encryption ransomware

Encryption ransomware

In February, Doctor Web’s technical support was most often contacted by victims of the following encryption ransomware:

Dangerous websites

During February 2019, 288 159 URLs of non-recommended websites were added to the Dr.Web database.

January 2019February 2019Dynamics
+ 293 012+ 288 159-1.68%

Malicious and unwanted programs for mobile devices

Last month Dr.Web’s analysts found many malicious and unwanted programs designed for Android OS. The analysts also uncovered an advertising campaign that helped spread trojans of Android.HiddenAds family. Android.HiddenAds. The ads were placed on YouTube and Instagram and invited users to download applications for video and photo editing, which turned out to be carrying malware inside them.

In February our researchers added a few new entries for detecting the Android.FakeApp type of malware. Android.FakeApp. Those trojans opened websites that suggested completing a survey for some substantial reward. In order to receive the promised reward a user had to pay commission fees or complete a test transaction to confirm their identity. If they agreed, the money would be lost and no reward would be granted.

Beyond that, malware developers were spreading a dangerous trojan called Android.RemoteCode.2958, which downloaded other malware by executing remote code. A Android.RemoteCode.2958 that distributes and installs other malicious programs on Android devices. Another malware found by our analytics - Android.Proxy.4, it was used for creating proxy servers on a compromised device. And Doctor Web’s virus database got updated with new entries of adware families called Adware.Sharf.2 and Adware.Patacore.

The most noticeable February event related to mobile malware:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040