Possibly trojan/virus attack toward Nexus users

[tomomi1922]

Over the last 3 days (and it seems just the last 3-4 days), I kept getting this pop-up window saying my Google Chrome (or my Java) has serious bug, and must update immediately. Then whether click OK or closing it, it will simply send me to random address like calmst.com and malest.com mimicking as real Java or Chrome download to trick people to click onto them. Fake sites with facade of a real site? We can only guess what kind of virus/trojan is behind it.

 

There are not just 2 websites, but I have encountered about 20-30 of these "warning pop-up" and there is a different website. So something like xyz.com pretends to be Google and asks me to click Download or Update?

 

And to my notice, they all have been initiated all from Nexus site. I suspect there is a script somewhere hidden in the ad or such that initiates this pop-up window (and subsequently redirect users to the fake sites). Please look into it, or else less technical literate people will fall for this. I am not trying to accuse anyone of anything. But I notice ALL of these pop-ups originate from Nexus. It does not pop-up instantly when you get onto Nexus. I have a habit of opening 20+ Nexus browser tabs to browse/read different mods, and maybe about hours into staying on the same page, this fake warning pop ups. I work in IT so I am very sensitive to this kind of things. This is a big red flag, and the first thing I would do is to find out where it is from.

 

I am running Windows 7, just in case you want to know.

 

Edit: fixed typo

Edited July 1, 2013 by tomomi1922

[jackowonderful]

it's happened before. put your add block on till it goes away.

[tomomi1922]

I am personally ok with it. It does not happen in a frequency that is extremely annoying. I just hope Nexus to look into it because many people (other than myself) will be at risk. It is like a restaurant serving food that has a 5% chance of containing a poison that may send patrons straight to the emergency room, unless they can "detect poison".

 

There it goes again: http://specdownload.info/ (DON'T CLICK ON IT).

[prod80]

I dont think its related to the Nexus site, with 5.8 million users, if this would of originated from here the forums would overflow. I have 10+ tabs open as well, all day long. Never seen any pop-up.

 

You might wanna run some good AV on your system ;)

[rhowington]

Never had a problem myself, but then I am a Premium lifer, no ads.

[tomomi1922]

@prod80, as rhowington pointed out, both of you are Premium users, so ad displays should me at minimal (if not zero). Thus I strongly suspect the ad provider over Nexus actual back server and front end scripts.

 

Anyhow, I have not seen one [fake] pop-up today. Maybe admin read this and weeded out the offending ads.

[rizon72]

I have to agree, run an AV check in safe mode. I can't recall getting a pop up on this site, and add a pop-up blocker as well.

[bben46]

If you do find a bad Ad - please let us know - a screenshot if possible as not everyone sees the same ads - Even in the US market there can be differences by region. And of course, in Spanish speaking regions the ads will all be in Spanish. The ads are by a third party and the only control we have is to tell them to not run a particular ad here. The ad company will also ban the advertiser if they are putting up malware. The way these jerks get away with it is to submit a legitimate ad, then after it has been running a while - make an unauthorized change to the ad.