As with so many tools, security vulnerability detectors can be misused to exploit rather than defend. The Metasploit Project is an extremely valuable tool and many of us in cyber security use it to research and probe for potential problems. However, a recent development which was revealed by Security Labs in India demostrates just how easily the Metasploit Framework can be used to develop malicious payloads that avoid detection by the usual Anti-Virus and Firewall software.
What could you do with this? Well, imagine you could use the technique to deliver a "backdoor" to a machine. Actually, you don't need to imagine as that is exactly what was done. All of a sudden you have the means to take over machine remotely without the user knowing, and in such a way that most users would stand very little chance of detecting the attack: certainly not using routine Anti-Virus and Firewalls software.
It's such a shame that these tools are used in this way. Or is it? Perhaps that's the very reason they exist. After all this has shown a vulnerability and a form of attack vector that may not have been thought about by the AV and Firewall vendors.