Opening the email that was used to hack RSA

fslabs · 76 videos

Uploaded on Aug 26, 2011

In this video you can see us opening the very email that was used to break into RSA / EMC in March 2011. The email is opened in Outlook and the attachment is launched. The attachment is an XLS file which has no content except an embedded Flash object. The object shows up as a [X] symbol in the spreadsheet. Flash is executed by Excel and it uses the CVE-2011-0609 vulnerability to execute code and to drop a Poison Ivy backdoor onto the system. After this, the exploit code closes Excel and the infection is over. After this, the attacker has full remote access to the infected workstation and full access to network drives that the user can access.

Video done by F-Secure Labs.
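A mail-gateway or triage check for the pattern described above (a legacy Office file whose payload is an embedded Flash object), as an added example that is not part of the original page or F-Secure's tooling. It is a raw byte-scan heuristic: the function names and sample bytes are constructed for illustration, and it assumes the control's CLSID or an SWF header appears contiguously in the file, which a fragmented or encoded OLE stream can defeat.

```python
import struct
import uuid

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound file header (.xls/.doc)
# CLSID of the Shockwave Flash ActiveX control, in the little-endian layout OLE stores
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000").bytes_le


def find_swf_headers(data):
    """Return (offset, signature, version, declared_length) for plausible SWF headers."""
    hits = []
    for sig in (b"FWS", b"CWS"):  # uncompressed / zlib-compressed SWF signatures
        pos = data.find(sig)
        while pos != -1:
            if pos + 8 <= len(data):
                version = data[pos + 3]
                (length,) = struct.unpack_from("<I", data, pos + 4)
                # Reject chance 3-byte matches: require a sane version and length
                if 1 <= version <= 40 and length >= 8:
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)


def triage_office_file(data):
    """Heuristic triage of a legacy Office document for embedded Flash content."""
    is_ole = data.startswith(OLE_MAGIC)
    has_clsid = FLASH_CLSID in data
    swf = find_swf_headers(data)
    return {
        "is_ole": is_ole,
        "flash_clsid": has_clsid,
        "swf_headers": swf,
        "suspicious": is_ole and (has_clsid or bool(swf)),
    }


# Constructed sample inputs (not real documents): an OLE header with filler, the
# Flash control CLSID and a bare SWF header; and an OLE blob with only plain text.
SAMPLE_WITH_FLASH = (OLE_MAGIC + b"\x00" * 504 + FLASH_CLSID + b"\x00" * 16
                     + b"FWS" + bytes([10]) + struct.pack("<I", 2048) + b"\x00" * 32)
SAMPLE_BENIGN = OLE_MAGIC + b"\x00" * 504 + b"plain text containing FWSxyz marker"

if __name__ == "__main__":
    print(triage_office_file(SAMPLE_WITH_FLASH))
    print(triage_office_file(SAMPLE_BENIGN))
```

A hit is a reason to quarantine or detonate the attachment in a sandbox, not proof of exploitation; legitimate spreadsheets with embedded Flash were rare but did exist.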

Top Comments

  • pathduck

    Man, RSA are such noobs.

    · 18

  • stupidjunk978

    LOL, RSA fell for a scam that even my grandmother wouldn't be suckered in to. Poor practice indeed.

    · 12

All Comments (16)

  • abvmoose87

    Does the infected computer have to have the telnet service installed and active for this to work?

  • newlookmedia

    That's what I've just said!

    This video is just a reconstruction of the behavior of the email and the user.

    So! What has this user (F-Secure worker) done? NOTHING!

    He or she must IGNORE this suspicious behavior and let this thing work in their internal network for next few days. Until someone discovered security break.

    So !?

    Is it possible? In fully secured company which workers live from building security software or ..

    .. someone trying to feed us some shit to cover real circumstances of

    in reply to Andreas Bjørn Hassing Nielsen
  • newlookmedia

    This video is bogus!

    Where, in a company that deals with antivirus protection, would whoever received such an email ignore that kind of behavior from a spreadsheet!

    They had better look for work on a farm rather than make data protection software.

    This video is FAKE!

    If not, then they must fire all F-Secure workers and close the company.

    People who call themselves security specialists and ignore that kind of behavior???!!!

    They had better look for jobs on a farm! Not sell security software.

  • hussanali

    FS Labs sucks. XP sucks at security.

  • er00si

    Security is a dream?! No wonder we got all our RSA tokens replaced.

    It is really funny, our IT shipped my colleague's token to me. Well, he got a token that was undocumented!!! The final solution was that we exchanged the token and our IT reassigned the undocumented token to me. LOL.
