Norton just picked up a Drive-by Download on this site is giving me a caution sign whenever I'm on here.

"A drive-by download is computer code that takes advantage of a software bug in a Web browser to make it do something that the attacker wants—such as run malicious code, crash the browser, or read data from the computer. Software bugs that are open to browser attacks are also known as vulnerabilities."

The threat name is

"MSIE ADODB.Stream Object File Installation Weakness"

This is how the rest of my Norton page reads:

Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects attempts to exploit a remote code execution vulnerability using the RDS.DataSpace Objects.
Additional Information
Microsoft Data Access Components (MDAC) provide components for database access, including functionality for querying local and remote databases of various formats.

The MDAC RDS.Dataspace ActiveX control is prone to a remote code execution vulnerability. This issue exists because the control fails to behave securely when it is hosted on a web page. Sufficient restrictions are not placed on the control to prevent it from performing privileged actions when hosted remotely.

An attacker could exploit this issue to install programs, view, modify, or delete data, or create new user accounts on the computer.
Affected

* Hitachi DA Broker for ODBC 01-00, 01-02
* Hitachi DBPARTNER ODBC 01-00, 01-03, 01-06, 01-11
* Hitachi DBPARTNER2 Client 01-05, 01-12
* Hitachi HITSENSER5 01-00, 01-10, 02-80
* Microsoft MDAC 2.5 SP3, 2.7, 2.7 SP1, 2.8

Response
Workaround:
Microsoft has described various workarounds to help prevent exploitation. Please see the referenced security bulletin for more information.

Solution:
Windows 95/98/ME users should obtain fixes from the Windows Update website.

Fixes are available:

Microsoft MDAC 2.8.0 SP1:
Microsoft Patch Security Update for Windows XP (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.8 Service Pack 1 (KB911562)


Microsoft MDAC 2.8.0 SP2:
Microsoft Patch Security Update for Windows XP x64 Edition (KB911562)
Microsoft Patch Security Update for Windows Server 2003 (KB911562)
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
Microsoft Patch Security Update for Windows Server x64 Edition (KB911562)


Microsoft MDAC 2.5 SP3:
Microsoft Patch Security Update for Microsoft Data Access Components 2.5 Service Pack 3 (KB911562) - English


Microsoft MDAC 2.7 SP1:
Microsoft Patch Security Update for Windows XP (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.7 Service Pack 1 (KB911562)


Microsoft MDAC 2.8 :
Microsoft Patch Security Update for Windows Server 2003 (KB911562)
Microsoft Patch Security Update for Windows Server 2003 for Itanium-based Systems (KB911562)
Microsoft Patch Security Update for Microsoft Data Access Components 2.8 (KB911562)

Additional References

* CVE-2006-0003
* CVE-2006-3510
* Vulnerability in the MDAC Function Could Allow Remote Code Execution
* Microsoft Security Bulletin MS06-014
* SecurityFocus BID: 10514
* SecurityFocus BID: 17462
* SecurityFocus BID: 18900

I made Geoff aware of this yesterday. I haven't heard back from him yet.

Thanks for posting this, Mick.

I have no idea how that'd be possible -- I'm not getting any warnings myself -- but I'll look into it, thanks...

I posted a few weeks ago that Avast gives me a malicious warning whenever I bring up this site. Maybe it's because of this.

I don't see any reason for it

Do you use Norton??

I do, and that "warning" is still showing up on my pc. This and the main site are affected.(the Trilogy site)

No, I don't use Norton -- I HATE Norton and how it notoriously slows down every computer it infects -- but you're right, there were 2 files hacked into the GF site that didn't belong there. I didn't notice any on the BB, but I now will check again....