According to a technical paper from SophosLabs, document exploitation is a well-known method of distributing malware. SophosLabs explores why we're seeing more document exploitation malware in the wild, and investigates the long-standing popularity of a document exploitation generator called Ancalog, which is widely commercially available.
The Ancalog builder supports several methods of malware distribution using different file formats.
Features:
- Includes silent doc exploit
- Several exploits, most are sendable via GMail
- Compatible with every RAT/keylogger/worm
- Compatible with XP – 10 32/64
- FUD (DOC CHM)
- Can be sent via gmail/fb (DOC XLS PDF)
- Works with every MS Office from 2007 to 2016 (excluding Starter edition – there's no macro support)
- Editable files
- Fake protection message for Word files
- Fully editable XLS
- Based on long term FUD crypter
- Small stub (~30kb)
- Binded EXE is run as admin (Thx to Microsoft, not me) (DOC XLS)
- SENDABLE VIA GMAIL
On one forum, a member also shared: "Upcoming FUD Crypter (S/R) * Not released yet, this is near future guys"
Ancalog Builder is available on many forums for $250 USD, and some cybercriminals have already cracked it and are using it.
Recently SophosLabs observed some interesting developments in the distribution of Office exploits aimed at our user base. As a perfect illustration, a snapshot of August 2016 shows the following picture:
I strongly urge you to update MS Office to the latest version and stop putting yourself at risk by using out-of-date software.