SophosLabs principal researcher Gábor Szappanos, better known as Szappi, has featured in Naked Security articles many times before.
His contributions are always highly recommended because he has the knack of digging into the whole story, with the result that his papers are accessible and useful to anyone with an interest in malware and cybercrime.
If you’re a techie, you’ll find in Szappi’s papers the technical detail you’re after; if you’re a sysadmin or a security officer, you’ll get useful insights into how cybercriminals evolve and adapt in real life.
Even if you aren’t an IT expert yourself, you’ll enjoy the word pictures of the cyberunderworld that Szappi paints.
Better yet, you’ll end up better able to protect yourself, thanks to the way Szappi explains the topics he’s discussing.
So, we hope you enjoy his latest paper, quizzically entitled Ancalog – the vintage exploit builder.
Ancalog, or the Ancalog Multi Exploit Builder, to give its full name, is an example of what you might call an artisan niche in cybercrime.
Ancalog is cheap by cybercrime standards: if you know where to look, you can buy the entry-level kit for $49, or pay $290 for the full version. (Or, in a fit of dishonour among thieves, you can get hacked versions for much less.)
Once you’ve bought it, you can take your malware samples, whatever they might be, and package them automatically into booby-trapped documents ready for spamming out.
In other words, many ransomware attacks can be thwarted simply by avoiding anything that seems out of order.
Likewise, documents that have embedded macros need to persuade you to enable the macro feature in Microsoft Office, which means deliberately dropping your security for a document about which you know only one thing for sure: that you don’t have any reason to trust it.
That’s why Ancalog uses what are called exploits instead: deliberately mis-constructed files that automatically trigger bugs in Office, or perhaps underlying bugs in Windows itself.
- Why use exploits?
- Where Ancalog comes from.
- How it works, and how Ancalog doubles its chances of success.
- The niche it’s built for itself amongst Russian and Nigerian cybergangs.
- What Ancalog’s “customer crooks” are doing with it.
- How to deal with it.
Read the paper now for a fascinating insight into how malware tools like Ancalog are helping crooks who aren’t technically savvy to leap headlong into cybercrime…