Figure 12.21  The attackers set up a VPN connection using the stolen passwords, and remotely control the Trojan horse on the internal network