Researchers Discover File Used to Hack RSA
Threat Post reports researchers at anti-malware company F-Secure say they have found the actual infected Excel file that was used in the attack on RSA earlier this year, eventually forcing the company to replace millions of its SecurID tokens. The Outlook email message containing the malicious file apparently was uploaded to Virustotal in March and the researchers dug it out this week. If the message and attachment that F-Secure researcher Timo Hirvonen found is indeed the same one used in the RSA attack–and the file name and description do fit what RSA has said publicly–then neither the attack nor the message’s social engineering tactics appear to very sophisticated. The subject line of the email is “2011 Recruitment Plan” and the Excel attachment had the same name. The email appeared to come from the address “webmaster [at] beyond dot com,” a job recruitment site.
