Somthing came up last week. What appears to be a hack attempt on all of our domain controllers and some member servers. The hack some how created a ?helpassistant? account and added it to the administrators group of the child domains, and in some local admin groups of member servers. This hack created and added this account, and also removed default groups from the ?access this computer from the network? local security policy except for the helpassistant account that it created.
Can?t tell yet if this intrusion is destructive to data in anyway. So far, we’ve just noticed account and local security policy changes. Here is a link to a similar incident that was documented less than a month ago-
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20464255.html
Has anyone expierenced somthing similar to this???
