We have 20 years of experience troubleshooting and repairing any PC problem. We provide on-site and drop-off computer repair service for all of Osceola County Florida. Most companies make profits by pressuring you into replacing hardware and buying upgrades. Our policy is to provide fast affordable honest service. Unlike other computer repair shops we have an average turnaround of less than 24 hours.

Call 407-361-7721



Opening Up One E-mail Attachment Compromised Security Around The Globe...

 

RSA distributes advanced security systems to companies worldwide. F-Secure shows how one very simple trojan instantly compromised security around the globe. Social engineering will always be the weak point of any security plan:

http://www.f-secure.com/weblog/archives/00002226.html

So, what did the email look like? It was an email that was spoofed to look like it was coming from recruiting website Beyond.com. It had the subject "2011 Recruitment plan" and one line of content: "I forward this file to you for review. Please open and view it". The message was sent to one EMC employee and cc'd to three others.

In this video you can see us opening the email in Outlook and launching the attachment. The embedded Flash object shows up as an [X] symbol in the spreadsheet. The Flash object is executed by Excel (why the heck Excel supports embedded Flash is a great question). The Flash object then uses the CVE-2011-0609 vulnerability to execute code and to drop a Poison Ivy backdoor on the system. The exploit code then closes Excel and the infection is over.

After this, Poison Ivy connects back to its server at good.mincesur.com. The domain mincesur.com has been used in similar espionage attacks over an extended period of time.

Once the connection is made, the attacker has full remote access to the infected workstation. Even worse, it has full access to network drives that the user can access. Apparently the attackers were able to leverage this vector further until they gained access to the critical SecurID data they were looking for.

The attack email does not look too complicated. In fact, it's very simple. However, the exploit inside Excel was a zero-day at the time and RSA could not have protected against it by patching their systems. 

So, was this an Advanced attack? The email wasn't advanced. The backdoor they dropped wasn't advanced. But the exploit was advanced. And the ultimate target of the attacker was advanced. If somebody hacks a security vendor just to gain access to their customers' systems, we'd say the attack is advanced, even if some of the interim steps weren't very complicated.
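As an added defender-side example (not code from this page, from F-Secure, or from RSA), the scanner below checks an incoming Excel attachment for an embedded Flash object, the step in the chain above that Excel would otherwise hand to the Flash player. File names and byte samples are constructed for the demo; the SWF header layout and OLE2 magic bytes are the published formats.

```python
import io
import re
import zipfile

# An SWF starts with a 3-byte signature (FWS = uncompressed, CWS = zlib,
# ZWS = LZMA), a 1-byte version and a 4-byte little-endian length. Requiring a
# plausible version byte keeps random "FWS" text from counting as a hit.
SWF_HEADER = re.compile(rb"(FWS|CWS|ZWS)([\x01-\x40])")
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def find_swf_headers(data):
    """Return (offset, signature, version) for each plausible SWF header in data."""
    return [(m.start(), m.group(1).decode(), m.group(2)[0])
            for m in SWF_HEADER.finditer(data)]


def scan_attachment(name, data):
    """List embedded-Flash findings for one attachment.

    OOXML (.xlsx/.xlsm) is a zip, so every member is scanned, since embedded
    objects live under xl/embeddings/. Anything else, including a legacy OLE2
    .xls, is scanned as one flat buffer, which catches a contiguous SWF stream
    without parsing the compound-file FAT.
    """
    findings = []
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                for off, sig, ver in find_swf_headers(zf.read(member)):
                    findings.append(f"{name}:{member}@{off}: {sig} v{ver}")
    else:
        for off, sig, ver in find_swf_headers(data):
            findings.append(f"{name}@{off}: {sig} v{ver}")
    return findings


def build_samples():
    """Constructed inputs, not real malware: an OLE2-style blob with a zlib SWF
    header 72 bytes in, an .xlsx-style zip carrying an uncompressed SWF in an
    embedded object, and a clean workbook."""
    ole_like = OLE2_MAGIC + b"\x00" * 64 + b"CWS\x0a\x10\x00\x00\x00\x78\x9c" + b"\x00" * 16
    bad_zip, clean_zip = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(bad_zip, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/embeddings/oleObject1.bin",
                    b"\x00" * 32 + b"FWS\x08\x20\x00\x00\x00" + b"\x00" * 24)
    with zipfile.ZipFile(clean_zip, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return {"plan.xls": ole_like, "plan.xlsx": bad_zip.getvalue(),
            "clean.xlsx": clean_zip.getvalue()}


if __name__ == "__main__":
    for fname, blob in build_samples().items():
        print(fname, scan_attachment(fname, blob) or "no embedded Flash found")
```

A hit is a reason to quarantine the message for review, not proof of exploitation; the point is that the presence of Flash inside a spreadsheet is itself anomalous enough to act on, regardless of whether the exploit it carries is known.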