new Services look like DSM but are they?
2004-07-13 08:03:40
Hello!
One of our file servers (W2K) was hacked last night, and I discovered
some new services that were not there before. They have the names:
"DomainName"\Scheduler and "DomainName"\Acceptor and point to the
corresponding files in the DSM-directory. Both these services are
started manually, and are not the ones installed by me.
My question: Did DSM install them by itself? Or is it possible that the
hacker got in by exploiting some existing security hole and uses these
services as "camouflage"?
Thank you in advance,
greetings,
Martin Krauß
--
********************************************
Martin Krauß
IT-Gruppe Geisteswissenschaften
LMU München
Ludwigsstraße 28
80539 München
Hotline: 2180 6400
Tel.:089 2180 1395
FAX: 089 2180 13543
Email: martin.krauss AT itg.uni-muenchen DOT de
********************************************