Doctor Web’s October 2019 virus activity review

[% DEFAULT FILE_REVIEW = ''; NAME_SOME_ARRAY_IN_MACROSNAME = [ { box => "Overview" }, { box => "Statistics" }, { box => "Encryption ransomware" }, { box => "Dangerous websites" }, { box => "Mobile devices" } ] %] [% BLOCK global.tpl_blueprint.content %]

November 13, 2019

In October, Dr.Web server statistics showed an increase in the total number of threats compared to September. The number of unique threats dropped by 6.86%. The most common threat in email traffic was malware that exploits vulnerabilities in Microsoft Office documents, as well as phishing newsletters. A password stealing trojan topped the list of detected malware and unwanted software, but adware still makes up the majority of all threats.

According to Doctor Web’s statistics servers

Threats of this month:

Trojan.PWS.Siggen2.34629

A trojan designed to steal passwords.

Adware.Elemental.14

Detects adware downloaded from file sharing services because of link spoofing. Instead of normal files, victims get applications that display advertising as well as install unwanted software.

Adware.SweetLabs.2

Alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.

Adware.Softobase.15

An installer that distributes outdated software. It changes browser settings.

Adware.Ubar.13

A torrent client that installs unwanted software on devices.

Trojan.InstallCore.3553

Another notorious adware installer. It displays ad banners and installs software without users’ permission.

Statistics for malware discovered in email traffic

Exploit.Rtf.CVE2012-0158

A modified Microsoft Office Word document that exploits the CVE2012-0158 vulnerability to execute malicious code.

W97M.DownLoader.2938

A modified Microsoft Office Word document that exploits the CVE2012-0158 vulnerability to execute malicious code.

PDF.Phisher.115

A PDF document used in phishing newsletters.

Exploit.ShellCode.69

A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.

Trojan.PWS.Siggen2.34629

A trojan designed to steal passwords.

Trojan.PWS.Stealer.19347

A family of trojans designed to steal passwords and other confidential information stored on an infected computer.

Encoders

In October, cases involving the following trojan encoders were most commonly registered by Doctor Web’s technical support service:

• Trojan.Encoder.858 — 16.34%
• Trojan.Encoder.10700 — 6.27%
• Trojan.Encoder.29750 — 2.81%
• Trojan.Encoder.11539 — 2.64%
• Trojan.Encoder.25574 — 2.64%
• ACCDFISA v2 — 2.48%
• Trojan.Encoder.11464 — 2.15%

Dangerous websites

In October 2019, the database of non-recommended and malicious websites was updated with 254,849 webpages.

Malicious and unwanted programs for mobile devices

Last month, Doctor Web virus analysts revealed a number of threats on Google Play. They included clicker trojans from the Android.Clickfamily that subscribed users to premium services. Cybercriminals also distributed the Android.HiddenAds trojan adware and the Android.SmsSpy, malware that hooked incoming text messages. In October, our experts detected new modifications to the Android.Joker trojan family. They were able to execute arbitrary code at cybercriminals’ command and clandestinely subscribe victims to costly mobile services.

The most noticeable October event related to mobile malware:

• rapid distribution of malware on Google Play.

Find out more about malicious and unwanted programs for mobile devices in our special overview.

Back to articles list