I would guess that it fingerprints the scanning software (e.g. metasploit), then feeds a payload back to it that has a known exploit in the scanning script.