Opening the email that was used to hack RSA

FSLabs · 47,628 views
In this video you can see us opening the very email that was used to break into RSA / EMC in March 2011. The email is opened to Outlook and the attachment is launched. The attachment is an XLS file which has no content except an embedded flash object. The object shows up as a [X] symbol in the spreadsheet. Flash is executed by Excel and it uses the CVE-2011-0609 vulnerability to execute code and to drop a Poison Ivy backdoor to the system. After this, the exploit code closes Excel and the infection is over. After this, the attacker has full remote access to the infected workstation and full access to network drives that the user can access. Video done by F-Secure Labs