RSA spearphish attack may have hit U.S. defense organizations

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9219873/RSA_spearphish_attack_may_have_hit_U.S._defense_organizations

By Robert McMillan
IDG News Service
September 8, 2011

The hackers who broke into EMC's RSA Security division last March used 
the same attack code to try to break into several other companies, 
including two U.S. national security organizations, according to data 
provided by the VirusTotal website.

"According to our data, RSA was just one of the targets," said Bernardo 
Quintero, the founder of malware analysis site VirusTotal. Attackers 
"used the same malware to try to penetrate other networks," he said in 
an email interview.

VirusTotal is a popular site with security professionals who use it to 
get a quick industry consensus take on suspicious files. It runs any 
file through a battery of antivirus scanning engines and spits out a 
report within minutes. Someone at EMC used the service on March 19 to 
analyze an email message that contained that spearphishing attack that 
was used to break into RSA.

But according to Quintero, before the attack was publicly disclosed in 
mid-March, the same maliciously encoded Excel spreadsheet had already 
been uploaded to VirusTotal 16 times from 15 different sources. The 
first was on March 4 -- the day after the message was sent to RSA -- and 
the malware was detected by none of the site's 42 antivirus engines.

[...]


_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/