Thursday, May 17, 2012
Was this the e-mail that took down RSA?

"The e-mail was crafted well enough to trick one of the employees to retrieve it from their Junk mail folder, and open the attached Excel file," wrote RSA Head of New Technologies Uri Rivner in the April 1 blog posting that laid out most of what RSA has said publicly about the e-mail. "It was a spreadsheet titled '2011 Recruitment plan.xls.'"

Hirvonen didn't know for sure he'd find the e-mail in VirusTotal, but he thought that there was a chance that someone at RSA had uploaded it to see what it was. Searching for the 2011 Recruitment Plan spreadsheet yielded nothing, however.

But this month Hirvonen finished up a data analysis tool that allowed him to find his needle in the VirusTotal haystack. His technique: he scoured the data for Flash objects -- software written to run in Adobe's Flash Player -- that looked like they may have been used in the RSA attack. RSA had previously said that the hackers used software that took advantage of a bug in Adobe Flash and offered some technical details on the attack.

"It was a difficult one to find," Hirvonen said. "We had to work really hard to find it."

With his new tool, Hirvonen quickly discovered a Microsoft Outlook .msg file. When he opened it up, he knew he was onto something. Inside was a message that had been spoofed to look like it had come from recruiting website Beyond.com. "I forward this file to you for review. Please open and view it," the message read. The subject: "2011 Recruitment plan." The attachment: an Excel spreadsheet entitled "2011 Recruitment plan.xls".

Looking closer, Hirvonen found that the file seemed to match RSA's description in every possible way. The Excel file contained the same Flash attack code; it used the same remote control software, called Poison Ivy, and it tried to connect to the same Internet address as RSA's attacker.

The e-mail was sent to EMC employees, apparently in the human resources department, and looked like it came from webmaster@beyond.com, a generic address from a website that has listed EMC jobs in the past. But that was a spoofed address, Hirvonen said. In reality the e-mail wasn't sent from the Beyond.com servers.

More Here: RSA

korg
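
The search the article describes, looking through sample files for embedded Flash objects, can be sketched as a signature scan for triage. This is an added example, not Hirvonen's tool and not code from the original post; the function names, the version bound, the size cap and the sample bytes are assumptions constructed for illustration.

```python
import struct
import zlib

# SWF signatures: uncompressed, zlib-compressed, LZMA-compressed
SWF_MAGICS = {b"FWS": "uncompressed", b"CWS": "zlib", b"ZWS": "lzma"}
MAX_VERSION = 50             # assumption: sanity bound on the version byte
MAX_BODY = 64 * 1024 * 1024  # assumption: cap on inflated size, limits zip-bomb input

def _zlib_body_ok(data: bytes, expected: int) -> bool:
    """True if the zlib stream inflates to exactly the declared body size."""
    try:
        d = zlib.decompressobj()
        body = d.decompress(data, min(expected, MAX_BODY) + 1)
    except zlib.error:
        return False
    return d.eof and len(body) == expected

def find_embedded_swf(blob: bytes) -> list:
    """Return candidate Flash objects found anywhere inside blob."""
    hits = []
    for magic, kind in SWF_MAGICS.items():
        pos = blob.find(magic)
        while pos != -1:
            header = blob[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack_from("<I", header, 4)
                if 1 <= version <= MAX_VERSION and length > 8:
                    verified = None  # LZMA bodies are reported but not checked here
                    if kind == "uncompressed":
                        verified = pos + length <= len(blob)
                    elif kind == "zlib":
                        verified = _zlib_body_ok(blob[pos + 8:], length - 8)
                    hits.append({"offset": pos, "kind": kind, "version": version,
                                 "declared_length": length, "verified": verified})
            pos = blob.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h["offset"])

def build_sample() -> bytes:
    """Constructed container for the demo: not a real document or a real SWF."""
    body = bytes(20)
    fws = b"FWS\x0a" + struct.pack("<I", 28) + body
    cws = b"CWS\x0a" + struct.pack("<I", 28) + zlib.compress(body)
    decoy = b"FWSxxxxxxxx"  # signature bytes with an implausible version byte
    return b"\xd0\xcf\x11\xe0" + bytes(60) + fws + decoy + cws + bytes(16)

if __name__ == "__main__":
    for hit in find_embedded_swf(build_sample()):
        print(hit)
```

A hit with `verified` set to `False` means the signature bytes were present but the declared length or the compressed body did not check out, which is the usual way to discard chance matches in large sample sets.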
By using, viewing or obtaining any information contained on this site, you agree to the disclaimer.

© HellBound Hackers 2008- 2009. Since 3rd December 2004.