As humans beings, we tend to be a bit lazy, at least in most of the cases. And cybercriminals are human beings, and therefore, lazy 🙂
My colleage Andrew Chang (AhnLab) has sent me a MS10-002 Exploit Constructor they’ve found out in a Chinese underground web site. When you run it, and click on the bottom-left button, you obtain a html file that contains the exploit. If you can understund Chinese, it says something like “Dark Techniques Working Group”.
The resulting html file will download the file you have typed in the URL, will save it as c.exe and will execute it. Still checking it, if I find something else I’ll update the post.
Thanks Nuño for the Chinese translation.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
