Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Doctor Web’s October 2020 virus activity review

November 09, 2020

Our October analysis of Dr.Web’s statistics revealed a 37.80% increase in the total number of threats compared to the previous month. With that, the number of unique malware decreased by 2.64%. Adware and trojan installers still occupy the top spot for detected threats. The Trojan.SpyBot.699 banker along with malware that exploits vulnerabilities in Microsoft Office programs were the most frequently detected malicious software in email traffic. Additionally, malicious HTML documents that were distributed as attachments and redirected users to phishing websites remained a threat.

The number of requests to decrypt files effected by trojan encoders remained at the same levels for the fourth month. Trojan.Encoder.26996 was the most active, accounting for 26.34% of all incidents.

Principal trends in October

  • A growing number of detected malicious software
  • Adware remain among the most active threats

According to Doctor Web’s statistics service

According to Doctor Web’s statistics service #drweb

The most common threats in October:

Adware.Downware.19741
Adware that often serves as an intermediary installer of pirate software.
Adware.Elemental.17
Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
Adware.Softobase.15
Installation adware that spreads outdated software and changes browser settings.
Trojan.LoadMoney.4020
A family of malware installers that deploys additional components on victims’ computers along with the required applications. Some trojan modifications can collect various information about the attacked computer and transmit it to hackers.
Trojan.AutoIt.289
A malicious utility program written in AutoIt language and distributed as part of a miner or RAT trojan. It performs various malicious actions that make it difficult to detect the main payload.

Statistics for malware discovered in email traffic

Statistics for malware discovered in email traffic #drweb

Tool.KMS.7
Hacking tools used to activate illegal copies of Microsoft software.
Trojan.SpyBot.699
A multi-module banking trojan that allows cybercriminals to download and launch various applications on an infected device and run arbitrary code.
W97M.DownLoader.2938
A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer. It is designed to download other malware onto a compromised computer.
HTML.Redirector.33
HTML.Redirector.32
Malicious HTML documents often disguised as harmless email attachments. Upon opening, the code redirects users to phishing websites or downloads payload with malware to the computers.

Encryption ransomware

In October, Doctor Web’s virus laboratory registered 1.67% fewer requests to decode files encoded by trojan ransomware than in September.

Encryption ransomware #drweb

Dangerous websites

In October 2020, the database of non-recommended and malicious websites was updated with 157,076 webpages.

September 2020 October 2020 Dynamics
+ 152,270 + 157,076 + 3.16%

Malicious and unwanted programs for mobile devices

The total number of October threats on Android devices increased by 12.36% compared to the previous month. At the same time, riskware detections have increased nearly 3-fold. The spike occurred due to the spread of applications protected by a specialized software obfuscator. Malware creators can use the software to make their trojans less visible to anti-virus programs.

In October, Doctor Web malware analysts detected new threats in the Google Play catalog. They include new modifications of Android.FakeApp that downloaded fraudulent websites, as well as the Android.HiddenAds.2314 trojan.

The following October events related to mobile malware are the most noteworthy:

Find out more about malicious and unwanted programs for mobile devices in our special overview.

The Russian developer of Dr.Web anti-viruses
Doctor Web has been developing anti-virus software since 1992
Dr.Web is trusted by users around the world in 200+ countries
The company has delivered an anti-virus as a service since 2007
24/7 tech support

Dr.Web © Doctor Web
2003 — 2020

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125124