gorbajev777

Putting in a "ownership" message is permissible, but damaging saves or game play or crashing is beyond the pale and could cause your mods to be considered malware. I would rather the thieves be considered a criminal than become one to stop them. I used to mod during the Oblivion days and did some Warcraft modding also but quit because I just couldn't handle the massive waves of hostility from strangers who I had just worked many hours to give them something for free. =) Sound familiar? I really wasn't suggesting to do anything that would damage console games, only provide a measure of control for the mod creator as to when and where their mods would be released. I wasn't suggesting that anyone do anything criminal either and really don't see blocking unauthorized use as criminal act. The news of the bethesda.net policy changes coming up sound very encouraging though and I hope it is a step in the right direction. Sorry, I see what your saying. I'm a UNIX sys admin by trade and the idea of killing something really means terminating a process. So yes, I was suggesting something that would either not allow the game to start or would crash the game if a unauthorized mod is used. On the PC side of things if you load a mod and then your game wont start. You remove the mod and go back to playing. Does it not work that way on consoles? I really don't know. If there is a way to actually damage the console then I apologize and thats not what I meant at all. I thought the worst case scenario on a console is you have to reboot it but no permanent damage takes place. I spent 45+ years as a Mainframe System Programmer. In that world, we cancel tasks. The only "killing" we did was when we did something really stupid and killed squirrel which kept the machine running. Back to the issue at hand. First, consider you audience. Console players are reading this. They see the phrase "game killing" and they see the game dead forever. I would find some terminology that is less industry specific and more "user friendly" (I hate that phrase, but it is appropriate). Second, tell the user what is happening and why. Give them a message which identifies the Mod and the original author before stopping play. But to just stop the game and not tell them why is counter productive. Especially if the user just put on more than one or two mods. Is it one mod? Is it a combination of mods? Is it the order the mods are in? And even one mod can prompt these questions. Is it the new MOD. Is it the load order. Is this mod incompatible with another mod? It isn't always as simple as "just take off the last mod and start again". I say, tell them why. ED: I read this and had to smile at myself. I still think in terms of users and clients. I am stuck in a rut. Somebody throw me a half stick so I can blast my self out. Fair enough on all points. I was just throwing a idea out there. One that I wouldn't bother standing behind because I have no skin in the game. I would be glad if the discussion proved to be useful for others though. Good luck to all involved.

Putting in a "ownership" message is permissible, but damaging saves or game play or crashing is beyond the pale and could cause your mods to be considered malware. I would rather the thieves be considered a criminal than become one to stop them. I used to mod during the Oblivion days and did some Warcraft modding also but quit because I just couldn't handle the massive waves of hostility from strangers who I had just worked many hours to give them something for free. =) Sound familiar? I really wasn't suggesting to do anything that would damage console games, only provide a measure of control for the mod creator as to when and where their mods would be released. I wasn't suggesting that anyone do anything criminal either and really don't see blocking unauthorized use as criminal act. The news of the bethesda.net policy changes coming up sound very encouraging though and I hope it is a step in the right direction. Sorry, I see what your saying. I'm a UNIX sys admin by trade and the idea of killing something really means terminating a process. So yes, I was suggesting something that would either not allow the game to start or would crash the game if a unauthorized mod is used. On the PC side of things if you load a mod and then your game wont start. You remove the mod and go back to playing. Does it not work that way on consoles? I really don't know. If there is a way to actually damage the console then I apologize and thats not what I meant at all. I thought the worst case scenario on a console is you have to reboot it but no permanent damage takes place.

Putting in a "ownership" message is permissible, but damaging saves or game play or crashing is beyond the pale and could cause your mods to be considered malware. I would rather the thieves be considered a criminal than become one to stop them. I used to mod during the Oblivion days and did some Warcraft modding also but quit because I just couldn't handle the massive waves of hostility from strangers who I had just worked many hours to give them something for free. =) Sound familiar? I really wasn't suggesting to do anything that would damage console games, only provide a measure of control for the mod creator as to when and where their mods would be released. I wasn't suggesting that anyone do anything criminal either and really don't see blocking unauthorized use as criminal act. The news of the bethesda.net policy changes coming up sound very encouraging though and I hope it is a step in the right direction.

Not being a modder myself but being a programmer, I would like to float a idea although I'm not sure its possible and would require modders to maintain forked source trees in a sense. Mod version 1. Find a way to make your mod unusable on non-PC platforms and embed it (deeper the better) in your mods that you post on nexus. ( Maybe a game killing exploit could be used so that people who download the stolen copy from bethesda.net for a console wont even be able to start a game with it installed.) Mod version 2. Maintain a private console playable version that is not available anywhere but your account on bethesda.net that you load, maintain and update on whatever schedule you see fit. Both would have to be maintained on bethesda.net separately as different downloads and this of course would do nothing for stolen nexus mods being put up to be used on other PCs. This method may only do nothing but stop traffic caused by people who only know how to use a download and upload button. It might seem mean but companies use copy protection and game legitimacy verification all the time. Why not modders? And if you don't want your mod on a console then even better. If i'm completely missing the point then I must confess it's not the first time and apologize in advance.

I would agree on all points. I also think Dark0ne is doing a great job or I wouldn't have signed up for Premium. =) I would add that beyond the 3rd party applications exploits, DNS related issues are a big part of the problem. Whether it's spoofing, squating or cache poisoning, it's just to easy to dish out bad info and too easy to get a name. Requiring all the root servers to run DNSSEC is a good start. Over at isc.org in Vexies blog she talks about some things coming down the pipe reguarding name resolution and registration. Makes for a interesting read if your so inclined: http://www.isc.org/community/blog/201007/taking-back-dns-0 On that note I think I'll make a point of stepping back out of a technical discussion on this thread. I've been in I.T. way too long and I'm no longer capable of being anything but "long-winded" when I chat. =)

I somewhat agree Dachshund. The IP's that the exploits were coming from were indeed Eastern European/Asian in origin but that really only tells you where the servers were. ISP's and service providers in Eastern Europe and Asia can be much slacker in who they give accounts to and care less about the consequences. This creates a idea playground for people that want to cover their tracks and work out of countries that won't easily hand over data to investigators. Certainly there's a lot of homegrown cyber-turds in those countries but there's also a lot of folks in other countries just using the servers. A lot of the Spam Kings out there are actually American but run they're mail servers out of those countries. Makes it hard for folks here to collect evidence for prosecution when the servers are on the other side of the planet and the ISP is just ignoring the requests. Or if the country where the server is tries to do something against the spammer then the cost and time it takes to carry out a extradition just isn't worth it to them. After all, identity theft and password stealing is big business and if there's money to be made you'll usually find one of us Americans at the forefront. =) P.S. Hell there might even be some malware writers down in the Lone Star state. =)

Thats very courageous of you. With all respect I would like to make a humble suggestion. You may want to re-evaluate your security processes. Knowing what should be running is great but many of these malicious programs now run in a stealth mode that doesn't display at all in the task manager or attach themselves to known system files and do their damage from there. You know what should be running but do you know the size of the applications memory footprint? Would you notice if one of them was a few k larger than usual? A quick read of this might be helpful: http://en.wikipedia.org/wiki/Rootkit http://en.wikipedia.org/wiki/Malware Feel free to ignore my advice but I hope you see I gave it out of a spirit of caring and meant no offense or denegration.

Heya CME, I hope this info helps. Review this for a list of what my logs popped up: http://www.thenexusforums.com/index.php?/topic/240888-nexus-trojanvirus-alert/page__view__findpost__p__2146374 I would suggest downloading and running Malwarebytes since it turned up and fixed the rootkit. I would also suggest downloading and running the Norton Tidserv HTTPS exploit scan and fix. ( It can't hurt to try it. ) Also if you haven't run Microsoft update in some time you can sometimes "wash" a corrupted system by running a major patch. ( it moves system drivers and so forth to a patch uninstall directory after its done and sometimes a "stealth program" will turn up there on a scan after the patching ). If your not running a 100% legal copy of windows you probably don't want to try the patching route. Also, its wise to keep multiple anti-virus packages/anti-malware/anti-spyware packages on hand. You don't need to have them all active but scans from different packages will sometimes turn up things others missed. P.S. About 6 months ago my Sysadmin groups was tasked with evaluating a enterprise anti-virus solution ( the license on our current was expiring). We scowered hacker sites and compiled a CD composed of close 500 different viruses ( in both uncompressed and compressed formats ) and then ran each of the virus scanners we were evaluating against it. The best ones were averaging in the 90 to 95 percent range but none of the them found all of them and each of them found a few that none of the others did. ( Keep in mind this was evaluating a enterprise solution and not a home user version so the playing field was very different )

Heya guys, if you found one infection on your system from this issue you may want to look again: I run Norton Internet Security, Spybot - Search and Destory and Malwarebytes' Anti-Malware 1.46, everything up to date. I hit the site last night and when was browsing files ( sorry didn't note the ads displayed ), I got multiple errors from Norton, one error from Malwarebytes and nothing from Spybot. The Norton errors were multiple block messages displayed below. MSIE Microsoft Windows Help Center Remote Code Exec MSIE Java Deployment Toolkit Input Invalidation HTTPS Tidserv Request 2,,,"91.212.226.5, 80" HTTP Tidserv Request,"clikcpixelabn.com/LVD4w9sP7E3Yp9c9dmVyPTMuOTYmYmlkPW5vbmFtZSZhaWQ9NDA4MDAmc2lkPTAmcmQ9MTI4NTI5MDIzMSZlbmc9d3d3Lmdvb2dsZS5jb20mcT1zcHlib3QlMjBzZWFyY2glMjBhbmQlMjBkZXN0cm95JTIwZG93bmxvYWQ=06k",,"212.117.177.13, 80" HTTPS Tidserv Request 2,,,"194.28.112.6, 443" HTTPS Tidserv Request 2,,,"91.212.226.5, 443" HTTP Eleonore Executable Download,www.hthexhe.co.cc/x44/load.php?spl=newp_&,,"69.50.221.196, 80" HTTP Acrobat Suspicious Executable File Download,www.hthexhe.co.cc/x44/load.php?spl=newp_&,,"69.50.221.196, 80" Malwarebytes caught the following: C:\Documents and Settings\Administrator\Local Settings\Temp\F85.tmp (Rootkit.Dropper.Gen) -> Quarantined and deleted successfully. Norton blocked everything but the "HTTPS Tidserv Request 2" exploit. It couldn't remove it because it had gotten embeded in a system file ( pci.sys ) but they provided a link to a removal tool which did detect the trojan and sucessfully removed it. ( http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-090608-3309-99 ). I mention all this because I think the malicious site was running a "laundry list" of exploits. So if your software caught one you may want to take another look with a different package. I hate to be the bearer of bad news but better safe than sorry.

For further information on this, heres a export of the kind of activity I've been seeing while access tesnexus tonight: ( By the way the 3 IP's listed all have a eastern european home ) I downloaded a detection and removal tool for the "HTTPS Tidserv Request 2" trojan and ran it. It detected the trojan installed into two of my system files. Please note the time, as of 10:40PM EST it was still active.