Hello!
One of our file servers(W2K) was hacked last night, and I discovered some new services that were not there before. they have the names: "DomainName"\Scheduler and "DomainName"\Acceptor and point to the corresponding files in the DSM-directory. Both these services are started manually, and are not the ones installed by me.
My question: Did DSM install them by itself? Or is it possible, that the hacker got in by exploiting some existing security hole and uses these Services as "camouflage"?
Thank you in advance,
greetings,
Martin Krauß
-- ******************************************** Martin Krauß IT-Gruppe Geisteswissenschaften LMU München Ludwigsstraße 28 80539 München Hotline: 2180 6400 Tel.:089 2180 1395 FAX: 089 2180 13543 Email: [EMAIL PROTECTED] ********************************************
