My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web’s December 2019 virus activity review

January 29, 2020

In December, Dr.Web server statistics revealed an increase in the total number of threats by 83.26% compared with the previous month. The number of unique threats dropped only slightly by 0.75%. Adware and unwanted programs still occupy the top spot for detected threats. The most common threat found in email traffic was malware that exploits vulnerabilities in Microsoft Office documents.

The number of requests to decrypt files effected by trojan encoders has slightly decreased. Trojan.Encoder.26996 was the most active encoder, accounting for 22.62% of all incidents.

Principal trends in December

  • Growth in malware spreading activity
  • Advertising trojans and adware remain amongst the most active threats
  • A decline in ransomware activity

According to Doctor Web’s statistics servers

According to Doctor Web statistics servers #drweb

The most common threats in December:

Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Installation adware that spreads outdated software and changes the browser’s settings.
An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
Adware that often serves as an intermediary installer of pirate software.
Another notorious adware installer that displays ad banners and installs software without user permission.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

A modified Microsoft Office document that exploits the CVE2012-0158 vulnerability in order to run malicious code.
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
Trojan spyware that hooks characters entered using the keyboard (keylogger).
A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
A PDF document used in phishing newsletters.

Encryption ransomware

In December, Doctor Web’s technical support service most commonly dealt with the following trojan encoders:

Encryption ransomware #drweb

Dangerous websites

In December 2019, Doctor Web added 162,535 URLs to the Dr.Web database of non-recommended websites.

November 2019 December 2019 Dynamics
+ 162 581 + 162 535 - 0.03%

Malicious and unwanted programs for mobile devices

In December, cybercriminals also continued spreading new modifications of Android.Joker malware on Google Play. These trojans subscribe victims to paid services and execute arbitrary code at the request of the Command and Control server. On top of that, Doctor Web virus analysts detected additional malicious software that ran arbitrary code and launched other malicious modules.

The most noteworthy December event relating to mobile malware was the detection of new threats on Google Play.