Malware authors have been using Microsoft Office document exploits for quite some time, but in the past couple of years, document malware has experienced a resurgence.
Typically, exploited documents are attached to email messages and sent out to large numbers of random recipients (in the case of cybercrime groups) or a smaller number of selected targets (in the case of APT groups).
Office exploit generators play a crucial role in making Office exploitation available to common cybercriminals. However, despite their significance, most Office exploit kits have not been covered in detail.
In a new research paper, SophosLabs Principal Malware Researcher Gabor Szappanos analyzes some of the most impactful Office exploit generators.
Some of the Office exploit kits are known to be commercial, available for purchase at underground marketplaces. Others seem to be commercial, but haven’t appeared in any of the marketplaces yet. Finally, there are tools that are available only to a handful of groups.
Download Gabor’s research paper to get a thorough analysis of several of the most popular exploit creation kits, plus illustrative examples of the malware campaigns SophosLabs has seen in recent years. Finally, learn what Sophos recommends you do to stay secure.