'I forward this file to you for review' Scam Email Description
'I forward this file to you for review. Please open and view it' is a phishing email that carried an infected Excel file and was used by hackers to break into RSA. The phishing email installs the Poison Ivy backdoor, which is able to obtain access to RSA SecurID tokens for network authentication. RSA was forced to replace SecurID tokens for its customers around the world. The subject line of the attack email and the infected Excel attachment shared the same name, "2011 Recruitment Plan". The fake email was made to look as if it came from beyond.com, a job recruitment website.
Once the user double-clicks the Excel file, it opens a spreadsheet with no real content other than a malicious Flash object that exploits a Flash vulnerability. The exploit then installs the Poison Ivy backdoor on the PC, which completes the attack. The Poison Ivy backdoor connects back to its server, and once the connection is made, the attacker gets full remote access to the compromised computer system, including full access to the network drives that the user can access. The 'I forward this file to you for review' message was sent to four RSA employees. One of them pulled the email from the spam folder, opened it and downloaded the attachment. This error was then combined with a Flash zero-day vulnerability to compromise RSA and its SecurID product.
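A mail-gateway style check for the delivery method described above, as an added example that is not part of the original page: it flags Office attachments that carry an embedded Flash object, for both legacy OLE2 files and OOXML packages (a generalization beyond the single Excel file in the text). The function names, indicator labels and the constructed sample bytes are assumptions, and raw byte matching is a heuristic, since OLE2 streams can be fragmented across sectors.

```python
import io, struct, uuid, zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")        # legacy .xls/.doc container
# Shockwave Flash ActiveX CLSID in the on-disk (little-endian) GUID layout
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000").bytes_le
PROGID = b"ShockwaveFlash.ShockwaveFlash"
PROGID_UTF16 = PROGID.decode().encode("utf-16-le")
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")             # plain, zlib, LZMA
MAX_MEMBER = 32 * 1024 * 1024                         # skip oversized zip members

def has_swf_header(blob):
    """True if a signature is followed by a plausible version and length."""
    for sig in SWF_SIGNATURES:
        pos = blob.find(sig)
        while pos != -1 and pos + 8 <= len(blob):
            (length,) = struct.unpack_from("<I", blob, pos + 4)
            if 1 <= blob[pos + 3] <= 50 and length > 8:
                return True
            pos = blob.find(sig, pos + 1)
    return False

def scan_blob(blob):
    found = set()
    if FLASH_CLSID in blob:
        found.add("flash-clsid")
    if PROGID in blob or PROGID_UTF16 in blob:
        found.add("flash-progid")
    if has_swf_header(blob):
        found.add("swf-header")
    return found

def scan_attachment(data):
    """Return sorted indicator names for an Office attachment given as bytes."""
    found = set()
    if data.startswith(OLE2_MAGIC):
        found |= scan_blob(data)
    elif zipfile.is_zipfile(io.BytesIO(data)):        # OOXML (.xlsx) package
        with zipfile.ZipFile(io.BytesIO(data)) as package:
            for info in package.infolist():
                if info.file_size <= MAX_MEMBER:
                    found |= scan_blob(package.read(info))
    return sorted(found)

def constructed_sample():
    """Constructed bytes shaped like an OLE2 file; not a real document or exploit."""
    swf = b"CWS" + bytes([10]) + struct.pack("<I", 4096) + b"\x78\x9c"
    return OLE2_MAGIC + b"\x00" * 504 + FLASH_CLSID + b"\x00" * 16 + swf
```

A spreadsheet has little legitimate reason to embed Flash content, so any non-empty result from `scan_attachment` is a reasonable trigger for quarantine or sandbox analysis.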