  #31 (permalink)  
Old
:-)
 
Join Date: Jun 2003
Location: Toronto, Canada
Posts: 5,333
Quote:
Originally Posted by db2topgun View Post
The site is virus-free.
I wouldn't be so sure. Try wget h t t p://www.db2topgun.com (remove extra blanks, obviously) and see for yourself what HTML is being served. The iframe generated by the script on that page tries to launch what is known as the Blackhole exploit kit from a known malware site.

I'm attaching the HTML source (renamed as .txt so that you don't launch it by mistake).


[
Moderation Comment:
Attachment removed in response to copyright claim by db2topgun.
]

Last edited by sathyaram_s; 05-15-12 at 05:53.
Reply With Quote
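An added example, not part of the original post or its removed attachment: a static Python check of HTML saved with wget, flagging off-site or hidden iframes and inline scripts that build markup at run time, which is the pattern post #31 describes. The names `FrameAudit` and `audit`, the hostnames, and the sample page are assumptions made for illustration; the findings are heuristics for manual review, not a verdict.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-script patterns that create markup at run time (heuristic only).
BUILDS_MARKUP = re.compile(
    r"document\.write|createElement\s*\(\s*['\"]iframe|eval\s*\(|unescape\s*\(|fromCharCode", re.I)
HIDING_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class FrameAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings, self._buf = site_host, [], None

    def _offsite(self, url):
        host = urlparse(url or "").hostname  # None for relative URLs
        return host is not None and host != self.site_host

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        if tag in ("iframe", "script") and self._offsite(src):
            self.findings.append(("offsite-" + tag, src))
        if tag == "iframe":
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDING_STYLE.search(a.get("style") or ""):
                self.findings.append(("hidden-iframe", src))
        elif tag == "script":
            self._buf = None if src else []  # buffer only inline script bodies

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body, self._buf = "".join(self._buf).strip(), None
            if BUILDS_MARKUP.search(body):
                self.findings.append(("script-builds-markup", body[:60]))

def audit(html, site_host):
    parser = FrameAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

SAMPLE = """<html><body><script src="/js/menu.js"></script>
<script>var f = document.createElement("iframe"); f.src = "http://bad.example/in";
f.width = 1; document.body.appendChild(f);</script>
<iframe src="http://bad.example/x" width="1" height="1"></iframe></body></html>"""  # constructed sample
```

Calling `audit(SAMPLE, "www.site.example")` reports the inline script first, then the static iframe as both off-site and hidden; an iframe created only by script never appears as a tag in the saved file, which is why the script heuristic is needed.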
  #32 (permalink)  
Old
Registered User
 
Join Date: Aug 2009
Posts: 23
..........

Last edited by LD_Bronstein; 05-14-12 at 08:19.
Reply With Quote
  #33 (permalink)  
Old
:-)
 
Join Date: Jun 2003
Location: Toronto, Canada
Posts: 5,333
Arrogance is no substitute for problem determination skills. You probably call it "self-confidence" though. Feel free to ignore the obvious, Mr. whatever-your-real-name-is.
Reply With Quote
  #34 (permalink)  
Old
Registered User
 
Join Date: Aug 2009
Posts: 23
.............

Last edited by LD_Bronstein; 05-14-12 at 08:18.
Reply With Quote
  #35 (permalink)  
Old
∞∞∞∞∞∞
 
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,357
Comrade Bronstein, n_i was just trying to help. Please don't insult him.
Reply With Quote
  #36 (permalink)  
Old
Registered User
 
Join Date: Oct 2004
Posts: 268
For those who say the site was clean. See attached. Sorry for being too harsh but I am at edge with the company. One more virus I get, I am out the door.
Attached Images
File Type: bmp Antivirus_Report.bmp (3.00 MB, 12 views)

Last edited by mdx34; 05-10-12 at 10:12.
Reply With Quote
  #37 (permalink)  
Old
:-)
 
Join Date: Jun 2003
Location: Toronto, Canada
Posts: 5,333
Quote:
Originally Posted by LD_Bronstein View Post
I was contracted by the company that owns the subject web site to build content.
Ah, this is a case of pride being hurt, I see now. I wonder how you were able to deliver "a quality product" without being able to understand HTML code that I included in my post specifically to substantiate my finding, but that's between you and your client, or should I say victim.

Good luck in your endeavours.
Reply With Quote
  #38 (permalink)  
Old
∞∞∞∞∞∞
 
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,357
Quote:
Originally Posted by mdx34 View Post
For those who say the site was clean. See attached. Sorry for being too harsh but I am at edge with the company. One more virus I get, I am out the door.
How do you know you got it from visiting this site? I didn't get a virus / virus warning (have Symantec as well)
Reply With Quote
  #39 (permalink)  
Old
Registered User
 
Join Date: Oct 2004
Posts: 268
Quote:
Originally Posted by db2girl View Post
How do you know you got it from visiting this site? I didn't get a virus / virus warning (have Symantec as well)

Settings of the proxy and Antivirus we have, it will give you an immediate pop-up window with a message indicating you received a virus. I was only at the db2forum site looking at your post and clicked on the link you provided when I got the pop-up. I had no other Internet session opened at the time.
Reply With Quote
  #40 (permalink)  
Old
Registered User
 
Join Date: Oct 2009
Location: 221B Baker St.
Posts: 487
db2topgun - virus?

Quote:
How do you know you got it from visiting this site?
This was the only url i had not previously visited. The day after visiting db2topgun, i logged on to a bank and was asked to fill out an "authorization required" form that asked for all kinds of info no bank would ever ask online. . .

The bank's security/fraud folks told me that this has happened all too often.

This link shows what looks just like what happened to my pc:
"A Cave Monster from Hell Wants Your Financial Data" (Webroot Threat Blog)
As far as i know, this link has no problems. . .<g>
Reply With Quote
  #41 (permalink)  
Old
∞∞∞∞∞∞
 
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,357
I tried from my home computer (with a different antivirus software) 2 days ago and it was ok (didn't want to try from the one with no antivirus).
Reply With Quote
  #42 (permalink)  
Old
Registered User
 
Join Date: Oct 2009
Location: 221B Baker St.
Posts: 487
db2topgun virus?

Just did a search to see if there was anything about the topgun site. This was the info for the first link returned:

DB2 TOP GUN Consulting
Warning: Dangerous Downloads
Call DB2 Top Gun first for any of your DB2 database support needs. We promise to make you glad you did. Call us at 775-285-6767 or email at info@db2topgun.com

db2topgun.com

Kinda spooky when an internet search flags the site. . .
Reply With Quote
  #43 (permalink)  
Old
∞∞∞∞∞∞
 
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,357
Use google instead of yahoo. Just kidding... You can email the owner of this site if you like.
Reply With Quote
  #44 (permalink)  
Old
Registered User
 
Join Date: Oct 2009
Location: 221B Baker St.
Posts: 487
db2topgun virus?

Yup, did that earlier - i'll probably send another with the result from the search.
Reply With Quote
  #45 (permalink)  
Old
∞∞∞∞∞∞
 
Join Date: Aug 2008
Location: Toronto, Canada
Posts: 2,357
Quote:
Originally Posted by n_i View Post
Read about extended security on Windows. If it's on, the members of DB2ADMNS have administrative privileges. If not, all local administrators plus whoever is in SYSADM_GROUP.

You will still be able to start and stop the instance even without SYSADM privileges - even POWER USERS may be sufficient to start the DB2 service.

There's another gotcha - after the installation the DB2 service will be logging in as db2admin (or whatever name you provide). If ever db2admin's password expires, the instance won't start. It is common practice to change the DB2 service login to Local System (login ID SYSTEM), which does not require a password.

I set sysadm_group to DB2ADMNS and made two users (my personal id and db2admin) part of this group. Verified that the developers don't have sysadm. But all of them are administrators on this Win server, so they can easily add themselves to this group... not good, they can do enough damage if they want to. Don't think we can do anything about this ...unless they get removed from the administrator group?
Reply With Quote