Email used in RSA SecurID break-in revealed
Researchers have finally found the email that was used to successfully break into security firm RSA earlier this year.
The breach resulted in the theft of secrets pertaining to RSA's SecurID two-factor authentication product, and was later blamed for digital break-ins at a number of U.S. defense contractors.
All that was previously known about the message used to pull off the heist was that it carried an Excel document with an embedded Flash object. The Flash object was there to exploit a then-unpatched vulnerability in Flash Player.
Discovered by researchers at antivirus firm F-Secure, the email message that enticed an employee to click on the Excel file contained just two succinct sentences: "I forward this file to you for review. Please open and view it."
The "Poison Ivy" backdoor was then planted, giving the attacker complete remote access to the infected machine and its network drives. While Mikko Hypponen, chief research officer at F-Secure, conceded that it wasn't even "a very well-done" social engineering attack, he noted the zero-day nature of the Flash exploit.
"I don't want to blame RSA," he told SC Magazine. "I don't think they could have prevented it."