Reverse Engineering the RSA Malware Attack

Thursday, September 08, 2011

In this video, security expert J. Oquendo attempts to reverse engineer the RSA attack using open source forensics tools.

In March of this year, RSA - the security division of EMC - had announced they suffered a breach stemming from a "sophisticated attack" on their network systems.

The attackers targeted proprietary information on RSA's SecurID two-factor authentication systems, a product designed to prevent unauthorized access to enterprise network systems.



While few details have been released that could give analysts a better understanding of the scope and impact of the breach, the unauthorized access to sensitive material regarding SecurID is known to have had wide spread impact.

RSA's customers include government, military, financial, enterprise, healthcare and insurance companies.

According to researchers from F-Secure, the attack was most likely carried out with a short email message and an infected Excel spreadsheet file.

The messages read: "I forward this file to you for review. Please open and view it."

Timo Hirvonen, an F-Secure antimalware analyst, found the suspected email among millions of samples that had been submitted to the free file scanning service VirusTotal.

The message had been sent on March 3, but had not been submitted to VirusTotal until two days after the RSA breach was announced.

Possibly Related Articles:
15561
Viruses & Malware
Information Security
malware Attack hackers breach SecurID reverse engineering
Post Rating I Like this!