I wouldn't be so sure. Try wget h t t p://www.db2topgun.com (remove extra blanks, obviously) and see for yourself what HTML is being served. The iframe generated by the script on that page tries to launch what is known as the Blackhole exploit kit from a known malware site.
I'm attaching the HTML source (renamed as .txt so that you don't launch it by mistake).
Attachment removed in response to copyright claim by db2topgun.
I was contracted by the company that owns the subject web site to build content.
Ah, this is a case of pride being hurt, I see now. I wonder how you were able to deliver "a quality product" without being able to understand HTML code that I included in my post specifically to substantiate my finding, but that's between you and your client, or should I say victim.
How do you know you got it from visiting this site? I didn't get a virus / virus warning (I have Symantec as well).
With the settings of the proxy and antivirus we have, it gives you an immediate pop-up window with a message indicating you received a virus. I was only at the db2forum site looking at your post and clicked on the link you provided when I got the pop-up. I had no other Internet session open at the time.
How do you know you got it from visiting this site?
This was the only URL I had not previously visited. The day after visiting db2topgun, I logged on to a bank and was asked to fill out an "authorization required" form that asked for all kinds of info no bank would ever ask online...
The bank's security/fraud folks told me that this has happened all too often.
Just did a search to see if there was anything about the topgun site. This was the info for the first link returned:
DB2 TOP GUN Consulting
Warning: Dangerous Downloads
Call DB2 Top Gun first for any of your DB2 database support needs. We promise to make you glad you did. Call us at 775-285-6767 or email at email@example.com
Kinda spooky when an internet search flags the site...
Read about extended security on Windows. If it's on, the members of DB2ADMNS have administrative privileges. If not, all local administrators plus whoever is in SYSADM_GROUP.
You will still be able to start and stop the instance even without SYSADM privileges - even POWER USERS may be sufficient to start the DB2 service.
There's another gotcha - after the installation the DB2 service will be logging in as db2admin (or whatever name you provide). If ever db2admin's password expires, the instance won't start. It is common practice to change the DB2 service login to Local System (login ID SYSTEM), which does not require a password.
I set sysadm_group to DB2ADMNS and made two users (my personal id and db2admin) part of this group. Verified that the developers don't have sysadm. But all of them are administrators on this Win server, so they can easily add themselves to this group... not good, they can do enough damage if they want to. Don't think we can do anything about this... unless they get removed from the administrator group?
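An added audit script, not from anyone in this thread, that a DB2 administrator could run on the Windows server to review the points raised in the last few posts: who is in DB2ADMNS (and therefore effectively SYSADM when extended security is on), who is a local Administrator and could add themselves to it, and which account each DB2 service logs on as, with a warning when that is a named account whose password can expire. It assumes PowerShell 5.1 or later and the default group name DB2ADMNS.

```powershell
# Added example: audit the DB2 Windows security settings discussed above.
# Assumes PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module) and the
# default group name DB2ADMNS; change $groupName if you renamed it.
$groupName = 'DB2ADMNS'

# 1. Who is in DB2ADMNS? With extended security on, these are the SYSADM users.
Write-Host "Members of ${groupName}:"
try {
    Get-LocalGroupMember -Group $groupName -ErrorAction Stop |
        Select-Object Name, ObjectClass, PrincipalSource |
        Format-Table -AutoSize
} catch {
    Write-Warning "Group $groupName not found: $_"
}

# 2. Local Administrators can add themselves to DB2ADMNS, so list them too
#    and compare with who actually needs that level of access.
Write-Host 'Members of local Administrators:'
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass |
    Format-Table -AutoSize

# 3. Which account does each DB2 service log on as? A named account such as
#    .\db2admin stops the instance from starting once its password expires;
#    LocalSystem (shown as "LocalSystem" in StartName) has no password.
Write-Host 'DB2 services and their logon accounts:'
Get-CimInstance Win32_Service |
    Where-Object { $_.Name -like 'DB2*' } |
    ForEach-Object {
        $acct = $_.StartName
        $note = if ($acct -match '^(LocalSystem|NT AUTHORITY\\.*)$') {
            'built-in account, no password expiry'
        } else {
            # Strip a ".\" prefix and see whether this is a local user whose
            # password can expire; domain accounts must be checked in AD.
            $user = $acct -replace '^\.\\', ''
            $lu = Get-LocalUser -Name $user -ErrorAction SilentlyContinue
            if ($lu -and $lu.PasswordExpires) { "WARNING: password expires $($lu.PasswordExpires)" }
            elseif ($lu) { 'local account, password set to never expire' }
            else { 'domain or unknown account, check expiry in AD' }
        }
        [pscustomobject]@{ Service = $_.Name; LogonAs = $acct; Note = $note }
    } | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the DB2 server; the SYSADM_GROUP setting itself is read from the database manager configuration (db2 get dbm cfg), which this script does not query.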