Archive for April, 2011

Evil spreaddie fingered in RSA hack

Monday, 4th April, 2011

Dunno if you have been following the recent SecurID hack at RSA?

They fessed up then went quiet for a few weeks so a few people assumed the worst.

(If you don't know what SecurID is, it is a little token (about 10mm by 30) that generates a new 6-digit number every minute. That number can be synched to a login server to ensure only people with the right physical token can log in.)

Anyway, the latest news is that an Excel workbook was infected with a targeted, malicious Flash SWF containing a zero-day.

It does appear to be a very clever attack: the spreadsheet had such an interesting name that one of the targets pulled it from the junk folder and opened it, running the Flash. I didn’t see anywhere whether the workbook had any VBA in it or not.

One important point though is that it was a Flash vulnerability they exploited; Excel was merely the delivery mechanism. No Excel vuln was used, just its ability to act as a container.
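Because the workbook is only a container, a mail or file gateway can flag workbooks that carry Flash at all. The sketch below is an added example, not part of the original post or any vendor tool: it scans raw workbook bytes for SWF headers and for the Shockwave Flash ActiveX control's CLSID and ProgID. The function names and the sample bytes are constructed for illustration.

```python
import struct
import uuid

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .xls compound file
ZIP_MAGIC = b"PK\x03\x04"                        # .xlsx/.xlsm package
# Shockwave Flash ActiveX control CLSID, in on-disk (mixed-endian) GUID layout
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000").bytes_le
PROGID = "ShockwaveFlash"


def swf_headers(data):
    """Yield (offset, signature, version, declared_length) for plausible SWF headers."""
    for sig in (b"FWS", b"CWS", b"ZWS"):
        pos = data.find(sig)
        while pos != -1:
            if pos + 8 <= len(data):
                version = data[pos + 3]
                (length,) = struct.unpack_from("<I", data, pos + 4)
                # Filter chance matches: sane version, length at least the header size
                if 1 <= version <= 50 and 8 <= length <= 0x10000000:
                    yield pos, sig.decode(), version, length
            pos = data.find(sig, pos + 1)


def scan_workbook(data):
    """Return a dict of findings for one workbook's raw bytes."""
    container = ("ole" if data.startswith(OLE_MAGIC)
                 else "zip" if data.startswith(ZIP_MAGIC) else "unknown")
    findings = {
        "container": container,
        "flash_clsid": FLASH_CLSID in data,
        "flash_progid": PROGID.encode() in data or PROGID.encode("utf-16-le") in data,
        "swf": sorted(swf_headers(data)),
    }
    findings["suspicious"] = bool(
        findings["flash_clsid"] or findings["flash_progid"] or findings["swf"])
    return findings


# Constructed samples: OLE magic, padding, the control's CLSID and a fake SWF header.
# No real workbook or Flash content is included.
SAMPLE = (OLE_MAGIC + b"\x00" * 24 + FLASH_CLSID + b"\x00" * 8
          + b"FWS" + bytes([10]) + struct.pack("<I", 4096) + b"\x00" * 16)
CLEAN = OLE_MAGIC + b"\x00" * 64 + b"plain cells, FWS mentioned in text"

if __name__ == "__main__":
    print(scan_workbook(SAMPLE))
    print(scan_workbook(CLEAN))
```

This is a byte-level heuristic: parts inside ZIP-based workbooks are normally deflated and need unpacking before scanning, and an OLE stream can be split across sectors, so a miss does not prove a file is clean.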

I didn’t see how they were discovered either, but it sounds like the attackers pretty much got most of what they were after.

I wonder how many other orgs have been hit by this sort of attack, and either haven’t discovered it yet or haven’t admitted it in public?

Got any good links?

cheers

Simon