My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


July 2019 virus activity review from Doctor Web

August 5, 2019

In July Dr.Web’s statistics showed a 54.21% decrease in the number of detected threats compared to June. While the unique threats almost doubled. E-mail traffic was dominated by malware that uses Microsoft Office programs’ vulnerabilities. Adware and unwanted programs still occupy the top of all detected threats. The lead ransomware in July, Trojan.Encoder.858, accounted for 21.15% of all requests for data decryption received in support of Doctor Web.

Doctor Web’s researchers have prepared a study that describes trends in the most common threats for smart devices and the Internet of Things (IoT) as a whole. This review is based on statistical data that has been gathered from our honeypots since 2016 and intends to draw attention to the security problem in the field of IoT.

Read the research

Principal trends in July

  • An increase in spreading activity of unique malware
  • A decline in ransomware activity

According to Doctor Web’s statistics servers

According to Doctor Web’s statistics servers #drweb

Threats of the month:

A torrent client designed to install unwanted programs on a user’s device.
Installation adware that spreads outdated software and changes the browser’s settings.
This program installs malicious browser extensions that redirect search results to different websites.
A ransomware trojan that blocks or limits a user’s access to the Windows operating system and its functionalities. In order to unlock the system, a user must transfer money to the cybercriminals.
Downloads and runs malicious software without the user’s permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

A modified Microsoft Office document. It exploits the CVE2012-0158 vulnerability in order to run malicious code.
A family of downloader trojans that exploit vulnerabilities in Microsoft Office applications. Designed to download other malware onto a compromised computer.
Another malicious Microsoft Office Word document that uses the CVE-2017-11882 vulnerability.
A family of malicious JavaScripts. They download and install malicious software on a computer.

Encryption ransomware

In July, the most common cases involving the following ransomware were registered by Doctor Web’s technical support service:

Encryption ransomware #drweb

Dangerous websites

During July 2019, Doctor Web added 123,251 URLs to the Dr.Web database of non-recommended sites.

June 2019 July 2019 Dynamics
+ 151 162 + 123 251 -18.46%

Malicious and unwanted programs for mobile devices

In mid-July, Doctor Web researchers detected a new dangerous trojan Android.Backdoor.736.origin on Google Play, through which attackers remotely controlled infected Android devices. This backdoor was able to install apps, steal sensitive data and perform other malicious actions at the developer’s command.

Among other detected threats were new trojans of the Android.HiddenAds family, which hid their icons from the main screen and displayed ads. Additionally, Doctor Web analysts discovered several programs with embedded the advertising module Adware.HiddenAds.9.origin. They displayed banners even while being closed.

New entries for detecting trojans of the Android.Spy family, which were used for cyber espionage, were added to the Dr.Web’s virus database.

Among the most notable July events related to mobile malware:

Find out more about malicious and unwanted programs for mobile devices in our monthly review.