For two years, the program lurked on a critical server that authenticates users. It allowed attackers with a secret password to log in as any user.