Doctor Web’s December 2019 virus activity review
January 29, 2020
In December, Dr.Web server statistics revealed an increase in the total number of threats by 83.26% compared with the previous month. The number of unique threats dropped only slightly by 0.75%. Adware and unwanted programs still occupy the top spot for detected threats. The most common threat found in email traffic was malware that exploits vulnerabilities in Microsoft Office documents.
The number of requests to decrypt files affected by trojan encoders has slightly decreased.
Principal trends in December
- Growth in malware spreading activity
- Advertising trojans and adware remain amongst the most active threats
- A decline in ransomware activity
According to Doctor Web’s statistics servers
The most common threats in December:
- Adware.Elemental.14
- Adware that spreads through file sharing services as a result of link spoofing. Instead of normal files, victims receive applications that display advertisements and install unwanted software.
- Adware.Softobase.15
- Installation adware that spreads outdated software and changes the browser’s settings.
- Adware.SweetLabs.2
- An alternative app store and add-on for Windows GUI from the creators of Adware.Opencandy.
- Adware.Downware.19627
- Adware that often serves as an intermediary installer of pirate software.
- Trojan.InstallCore.3553
- Another notorious adware installer that displays ad banners and installs software without user permission.
Statistics for malware discovered in email traffic
- Exploit.CVE-2012-0158
- A modified Microsoft Office document that exploits the CVE-2012-0158 vulnerability in order to run malicious code.
- W97M.DownLoader.2938
- A family of downloader trojans that exploits vulnerabilities in Microsoft Office documents and can download other malicious programs to a compromised computer.
- Trojan.SpyBot.699
- Trojan spyware that intercepts characters entered using the keyboard (a keylogger).
- Exploit.ShellCode.69
- A malicious Microsoft Office Word document that exploits the CVE-2017-11882 vulnerability.
- PDF.Phisher.115
- A PDF document used in phishing newsletters.
Encryption ransomware
In December, Doctor Web’s technical support service most commonly dealt with the following trojan encoders:
- Trojan.Encoder.26996 — 22.62%
- Trojan.Encoder.567 — 8.75%
- Trojan.Encoder.25574 — 6.08%
- Trojan.Encoder.858 — 3.99%
- Trojan.Encoder.28004 — 3.80%
Dr.Web Security Space for Windows protects against encryption ransomware
Dangerous websites
In December 2019, Doctor Web added 162,535 URLs to the Dr.Web database of non-recommended websites.
November 2019 | December 2019 | Dynamics |
---|---|---|
+ 162 581 | + 162 535 | - 0.03% |
Malicious and unwanted programs for mobile devices
In December, cybercriminals also continued spreading new modifications of
The most noteworthy December event relating to mobile malware was the detection of new threats on Google Play.