We’ve received report of a certain website hosting several exploit creation tools which includes toolkits with outputs exploiting MS07-004 and the latest MS07-017. These toolkits makes it easier for a script kiddie to create a malware of his own. Below is what the website hosting the said toolkits looks like.

And the tools for MS07-004 and MS07-017 exploit.

Well the great news is that we have detection for these tools mentioned. We have HKTL_EXPLOITER.K for the MS07-004 toolkit and HKTL_EXPLOITER.L for the MS07-017 toolkit. Also, the output for the first toolkit is already detected as JS_IFRAMEBO.BG and VBS_PSYME.ALP (this is for the other output of this toolkit exploiting MS06-014). The second toolkit’s output is also detected as TROJ_ANICMOO.AX. Please keep your antivirus pattern files updated to be secured from these threats. Apply the necessary security patch to prevent malicious attacks targetting these known vulnerabilities.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!