By Fred Touchette, senior security analyst – AppRiver
‘Twas the night before Christmas, when all through the house
not a creature was stirring, not even a mouse.
But a laptop was open, the network logged on,
and unfortunately for its owner, his security had gone.
Unbeknownst to our user, and all others that care,
this laptop had malware it wanted to share.
It flew over wi-fi, pushed out through the router,
and started its journey, from computer to computer.
The owner worked, for a big corporate bank,
who relied on protection to shield it from pranks.
Had the virus arrived at the enterprises door,
it’s journey would be halted, and it would have infected no more.
But unluckily this story, has no happy ending,
for the virus was clever in seeking out glory.
Instead of the front door, it sneaked round the back,
climbed in through a gateway, that had already been hacked!
Now the organisation’s CISO was snug in his home,
blissfully unaware of what had gone on.
While he dreamed of presents, turkey and stuffing,
the virus had unleashed one great big fat Trojan
“Now Mac.Backdoor.iWorm! Now CryptoWall!
Now, GameoverZeus and Stuxnet!
On, Ice IX! On, SpyEye!
On, Torpig and Carberp!
Slide through the ethers!
And infect one and all!
Now cash away! Cash away!
Cash away all!”
While networks lay slumbering, unaware of the risk,
the code was changed slightly, so nothing seemed to be amiss.
But of course, being Christmas, someone would get a surprise
But only if they looked hard, at the damage inside.
No account would be breached,
no coins would be pilfered.
Instead, far more damaging,
credentials were taken.
Sat at home, at his desk, dressed in furs black as ink
The code writer sat, and prepared for a stint.
Lights blinked, alarms sounded, and cogs started whirring,
as over the sky came information, unending.
The credentials arrived first, number one on his list,
then came account details with how much sat in each.
From here what was required, was dexterity, and more
complicated coding to slip through the door.
Back in the bank, not an alarm had he tripped,
so the next stage of his plan he gleefully unleashed.
The Trojan allowed him to travel back in,
to the heart of the building, to plunder within.
The money, he’d steal, from accounts big and small.
He’d hide each transaction, no suspicion would fall.
Once everything was set, with no stone left unturned,
He could slip in and out, as and when, at his will.
Back at his desk programming and streaming,
he worked hard to ensure his code was unrevealing.
He wiped, and he cleaned, he scoured and he scrubbed.
He obscured the Trojan, it was as if he’d worn gloves,
He sat back from his screen, and gave a strange giggle,
And the tunnel he’d created, it dimmed and it dwindled.
But I heard him exclaim, as he spun out of sight,
“Happy Christmas to all, and to all a good night!”
