
Sketchy looking email from nexus


Higlac


I'm with zwkdiv. As far as I know, my email address isn't in anyone's contact list, so unless they got my registration information, they couldn't have got my address.


No, they haven't been on today unfortunately. That should not be related to this issue seeing as how people in the "Staff" group cannot see user email addresses or have any access to the forum backend or databases that would show the email addresses.


No weird access logs on your databases? No chance that someone that does have access was hit by a rootkit? Because as far as I can tell they got my email address from someplace else. Nobody that knows the affected email downloaded anything today.


Had this happen to me just a few moments ago. Received an email with the topic "Nexus" and in its contents was a Nexus Mod Manager 0.50.0 in a .zip. I did not open the email itself, merely scanned it and it seems to be coming from a strange sender. I had put the email in my trash and went back to get more information to post on here but it looks like my mail provider had marked it and removed it as the other mail I had sent to trash was still there. I don't have any Nexus friends (sad I know) so I don't think they are reaching me by that method. Also the file itself seems to be coming from a strange address like a bunch of random numbers then .com rather than nexusmods.com. I'm probably going to spend the remainder of the night checking my files and accounts to make sure everything checks out ok. Also a side note. This was sent to an old email I used to associate with on sites including nexusmods, I had changed my email associated with my account a few months back but strangely the email had got sent to my old email that used to be associated with this account instead of the new email I use. The only reason I noticed it is because I have the email from my old account forwarded to my new account which is how I found it sent to the old email but forwarded.


This was sent to an old email I used to associate with on sites including nexusmods, I had changed my email associated with my account a few months back but strangely the email had got sent to my old email that used to be associated with this account instead of the new email I use. The only reason I noticed it is because I have the email from my old account forwarded to my new account which is how I found it sent to the old email but forwarded.

That's some useful information, thanks.

 

Just got another email. We're sure that they didn't get access to the database?

We've had no outside access since we moved over to the centralised database setup in December. We no longer have access to the previous servers so cannot check their logs, though we had things locked down tight then, too.


Also the file itself seems to be coming from a strange address like a bunch of random numbers then .com rather than nexusmods.com.

Those numbers are the IP address of the server that the link was trying to direct you to.

http://54.225.169.1/ resolves to a server owned and operated by amazonaws.com. So this means that the culprit has already been able to hack that server to upload their malware to. They will have used the IP address rather than the easily readable text address so that the recipients of the message don't realise that they are being diverted to amazonaws.com.

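Added example, not part of any post in this thread: a small mail-triage check for the pattern discussed above, where a message claiming to be from Nexus links to a bare IP address instead of nexusmods.com. The function names and the message body are constructed for illustration; the trusted domain and the IP-based URL are the ones quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Rough URL matcher for plain-text bodies; trailing punctuation is trimmed later.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample body (not a real message).
SAMPLE_BODY = (
    "Nexus\n"
    "Your update is ready: http://54.225.169.1/ (zip attached).\n"
    "Release notes: https://www.nexusmods.com/news.\n"
)


def classify_link(url, trusted_domain):
    """Return 'ip-literal', 'trusted' or 'other-domain' for one URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    try:
        # Covers dotted IPv4 and bracketed IPv6 hosts (urlsplit strips brackets).
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    trusted = trusted_domain.lower()
    # Exact match or a true subdomain; 'nexusmods.com.example.net' must not pass.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    return "other-domain"


def audit_message(body, trusted_domain):
    """Map every distinct URL found in the body to its classification."""
    urls = {u.rstrip(".,;") for u in URL_RE.findall(body)}
    return {u: classify_link(u, trusted_domain) for u in urls}


def is_suspicious(body, trusted_domain):
    """True if any link points somewhere other than the trusted domain."""
    return any(v != "trusted" for v in audit_message(body, trusted_domain).values())


if __name__ == "__main__":
    for url, verdict in sorted(audit_message(SAMPLE_BODY, "nexusmods.com").items()):
        print(f"{verdict:13} {url}")
```

A link to an IP literal is a reason to quarantine and inspect a message, not proof of compromise on its own, and a "trusted" verdict says nothing about the sender address or attachment.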
