Evil spreaddie fingered in RSA hack

Dunno if you have been following the recent SecurID hack at RSA?

They fessed up then went quiet for a few weeks so a few people assumed the worst.

(If you don't know what SecurID is, it is a little token (about 10mm by 30) that generates a new 6-digit number every minute. That number can be synched to a login server to ensure only people with the right physical token can log in.)

Anyway, the latest news is that an Excel workbook was infected with a targeted, malicious Flash SWF containing a zero day.

It does appear to be a very clever attack: the spreadsheet had such an interesting name that one of the targets pulled it from the junk folder and opened it, running the Flash. I didn’t see anywhere whether the workbook had any VBA in or not.

One important point though is that it was a Flash vulnerability they exploited; Excel was merely the delivery mechanism. No Excel vuln was used, just its ability to act as a container.
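Since the workbook is only a container, a mail or file gateway can flag legacy Office files that carry Flash content before anyone opens them. The sketch below is an added example, not code from this post or from RSA: it is a byte-level heuristic that looks for the Shockwave Flash ActiveX control and for plausible SWF headers, and the function names and sample bytes are made up for illustration.

```python
import struct
import uuid
import zlib

# CLSID of the Shockwave Flash ActiveX control, in the little-endian form OLE stores
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000").bytes_le
PROGID = "ShockwaveFlash"

def has_flash_control(data: bytes) -> bool:
    """True if the bytes reference the Flash ActiveX control by CLSID or ProgID."""
    return (FLASH_CLSID in data or PROGID.encode("ascii") in data
            or PROGID.encode("utf-16-le") in data)

def find_swf(data: bytes) -> list:
    """Return (offset, magic, version) for each plausible embedded SWF header."""
    hits = []
    for magic in (b"FWS", b"CWS"):           # uncompressed / zlib-compressed SWF
        pos = data.find(magic)
        while pos != -1:
            if _plausible(data, pos, magic):
                hits.append((pos, magic.decode(), data[pos + 3]))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def _plausible(data, pos, magic):
    if len(data) - pos < 8:
        return False
    version, length = struct.unpack_from("<BI", data, pos + 3)
    if not 1 <= version <= 50 or length < 8:
        return False
    if magic == b"FWS":                      # declared length must fit in the file
        return length <= len(data) - pos
    try:                                     # CWS: body must start a valid zlib stream
        return bool(zlib.decompressobj().decompress(data[pos + 8:pos + 4104], 64))
    except zlib.error:
        return False

def scan(data: bytes) -> dict:
    return {"flash_control": has_flash_control(data), "swf": find_swf(data)}

# Constructed samples: not real documents, just bytes laid out like the cases above.
_body = b"\x00" * 32
_swf = b"CWS" + bytes([9]) + struct.pack("<I", 8 + len(_body)) + zlib.compress(_body)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
SUSPECT = OLE_MAGIC + b"\x00" * 24 + FLASH_CLSID + b"\x00" * 16 + _swf
BENIGN = OLE_MAGIC + b"Quarterly FWS report and CWS newsletter"

if __name__ == "__main__":
    print(scan(SUSPECT))
    print(scan(BENIGN))
```

A hit means "this spreadsheet carries Flash", which is rare enough in normal business files to justify quarantine and a closer look; a clean result does not prove the file is safe.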

I didn’t see how they were discovered either, but it sounds like the attackers pretty much got most of what they were after.

I wonder how many other orgs have been hit by this sort of attack, and either haven’t discovered it yet or haven’t admitted it in public?

Got any good links?



One Response to “Evil spreaddie fingered in RSA hack”

  1. Jim Cone Says:

    The file name was: “2011 Recruitment plan.xls.”
    Some more info here…
