My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets


Doctor Web virus activity overview for January 2015

February 3, 2015

According to Doctor Web's security researchers, in the first month of 2015 cybercriminals organised mass mailings of malware designed to install other dangerous applications on infected computers. In January, many Windows users suffered under the effects of encoders. As before, the number of Trojans and other malware programs threatening users of Android-powered devices remained high.


  • Mass mailings of Trojans designed to install other malicious applications.
  • The spread of encryption ransomware, posing a serious hazard to Windows users.
  • New malicious applications for Android-powered devices.

Threat of the month

In mid-January, attackers carried out a mass mailing of Trojan.DownLoad3.35539.

According to Doctor Web security researchers, messages of this kind come in many languages including English, German, and even Georgian.


Files compromised by this encryption Trojan can't be recovered.

However, this malware is successfully detected by Dr.Web Anti-virus and, thus, users are protected from this Trojan’s activities.

More information about this incident can be found in a news article published by Doctor Web.

Encryption ransomware

The number of requests for decryption received by the technical support service

December 2014January 2015Movement

In January, the number of users compromised by Trojan.Encoder.686 increased — the anti-virus laboratory recorded 51 requests. Trojan.Encoder.686 was compiled using TOR and OpenSSL libraries and relies heavily on their encryption routines. While encrypting data, the ransomware uses CryptoAPI to generate random data as well as elliptic curve cryptography.


Virus writers give their victims only 96 hours to pay the ransom required to recover their files and threaten that a failure to comply with their demands will result in permanent data loss. To acquire information about the terms and the ransom amount, users are directed to a site residing in the TOR network

Unfortunately, it is currently impossible to decrypt files affected by Trojan.Encoder.686. However, Dr.Web successfully detects this malicious program, and users of our products are protected from its actions.

The other most common encoders:

By performing timely backups and placing reasonable restrictions on user privileges, and by using a state-of-the-art anti-virus equipped with routines that neutralise such threats, PC owners can protect their data from encryption ransomware. Dr.Web Security Space 10.0 possesses effective tools for countering encoders; these include special preventative protection components that keep data safe from the activities of ransomware.

Use Data Loss Prevention to protect your files from  encryption ransomware

Only available in Dr.Web Security Space 9 and 10
More about encryption ransomware Configuration presentations tutorial Free decryption

According to statistics gathered by Dr.Web CureIt!


According to Doctor Web's statistics servers


Statistics concerning malicious programs discovered in email traffic




Win32.Sector has been known since 2008 and is a complex polymorphic virus that can spread on its own (without user participation) and infect file objects.

Its key functions are to:


Threats to Linux

In January 2015 Doctor Web's security researchers discovered several new samples of malware for Linux, the most interesting of which is the file virus Linux.EbolaChan.

Still active, Linux.BackDoor.Gates.5 continues to carry out DDoS attacks on various Internet resources. In January 2015, Doctor Web's security researchers registered attacks on 5,009 unique IP addresses. As before, most of them are located in China:


Fraudulent and non-recommended sites

During January 2015, we added 10,431 Internet addresses to the Dr.Web database of non-recommended sites.

December 2014January 2015Movement
10 46210 431+0,3%

Parental Control, which is available in Dr.Web Security Space 10.0, can provide protection from various Internet scams. The Parental Control component lets you limit access to websites related to a certain topic and filter suspicious content. And, using its database of non-recommended URLs, the component can shield users from fraudulent sites, potentially dangerous and shocking content, and from sites which are known to distribute malware.

Learn more about Dr. Web non-recommended sites

Malicious and unwanted software threatening Android

In January 2015 a large number of new malware programs as well as other dangerous Android programs were detected. The newest among them are the following:

These malicious applications were particularly active in South Korea where they are spread with unsolicited short messages containing their download links.

We detected over 40 such spam campaigns involving several malicious programs.

Find out more about malicious programs for Android in our special overview.

Learn more with Dr.Web

Virus statistics Virus descriptions Virus monthly reviews Laboratory-live