We’ve received a report of a website hosting several exploit creation tools, including toolkits whose output exploits MS07-004 and the latest, MS07-017. These toolkits make it easier for a script kiddie to create malware of his own. Below is what the website hosting these toolkits looks like.
And here are the tools for the MS07-004 and MS07-017 exploits.
Well, the great news is that we have detection for the tools mentioned. We have HKTL_EXPLOITER.K for the MS07-004 toolkit and HKTL_EXPLOITER.L for the MS07-017 toolkit. Also, the output of the first toolkit is already detected as JS_IFRAMEBO.BG and VBS_PSYME.ALP (the latter is for this toolkit’s other output, which exploits MS06-014). The second toolkit’s output is detected as TROJ_ANICMOO.AX. Please keep your antivirus pattern files updated to stay protected from these threats, and apply the necessary security patches to prevent malicious attacks targeting these known vulnerabilities.