Staff account compromise. What's happened and an apology.


Dark0ne

On that unrelated note: My Avast Antivirus picked up the following URL as dodgy: hxxp://n96.hal9000.redintelligence.net/request_content.php?s=39354240623416196&a=9945bac8

Looks like Hal9000 is trying to kill us again.

Guys, someone should seriously make a statement on the frontpage about the e-mails people receive that are FAKE and that say there is an NMM 0.50.2 update.

See my post here: http://forums.nexusmods.com/index.php?/topic/1792040-sketchy-looking-email-from-nexus/?p=15508405

It's a trojan.

And the e-mail wasn't filtered by GMail Spam feature. (GMail's Spam feature is normally very good.)

Screen with ESET NOD32 message below.

Thank god I still use an antivirus.

I'm very wary about computer security and I can't remember the last time my antivirus actually had to shield me from a real threat.

Well now it finally happened...

Edit: I did NOT click the shown download button, but I DID click the huge NMM icon since I thought that would bring me to an article.

(I never click direct download buttons within any e-mail).

But the download also gets triggered when clicking the NMM icon so watch out!

[Attached image: fake nexus email.PNG]

Edited by Asgaro

Some shitty persons of this planet should be abandoned to Jupiter.

Jupiter's really pretty, I think we should send them to Uranus. *cough* sorry, someone had to make that miserable pun.

On a serious note, I'm actually impressed more than anything. You really got this under control quickly, and apologising only made things better. Well handled, guys.

Edited by Vindekarr

In response to post #15507785.

Getting their Trojan to as many target computers with comparably low security as possible, to increase one's bot network with them. The more remote-controlled computers in the network the more simultaneous hacking tasks it can perform.

And they targeted the Nexus for distribution, because here EXE files disguised as installers inside mod uploads won't be all too suspicious to the newcomers or the regulars alike, them being the ones "demanding" them 1-click-installs after all.

And just reading a couple posts back the gamers coming here indeed are the ideal target group, actually believing in turning off their firewalls and anti virus guards in order to play more fluently was a good idea or "needs to" be done even.

And do you think they'd even realize their computers doing those hacking tasks due to resource consumption and network traffic, if they already have the Steam client running in background all the time doing the same?

In response to post #15478410. #15508170 is also a reply to the same post.

"No mod is an .exe" - Oh yes, they are. It's not only mods uploaded here but also tools, and the huge packages with their very own self-extracting EXE installers.

If it weren't for the size difference, or a famous mod which never before had an installer now all of a sudden having one, without a single word from the author, and its size being far too small for it to ever truly contain the mod package, thus impossible to actually be an installer for it, people would've never reported them so soon.

And, no, downloading manually instead of through the manager won't have made a difference here, apart from there not being any sense in downloading an EXE installer into your mod folder through the NMM, where you'll have to execute it first for it to automagically do all the work for you.

As a basic security means in general you should be very wary of EXE files downloaded from the web. I for one would personally never touch such a thing in regards to mods and always prefer the manual or manager-controlled distributions instead.
There's tools for example where you have no choice, but that isn't the same as self-extracting EXE installers instead of manual or manager-controlled mod packages.
Your anti virus programs "can" catch them before damage is done, but they don't "have to".

In response to post #15481740. #15482485, #15497340 are all replies on the same post.

Thehorn2000 - no. Most gamers - especially experienced ones - do NOT turn off anti-virus and firewall. Certainly not when playing online games.

An experienced gamer will tweak their OS/Hardware to provide the best possible results whilst AV/FW are still running, and treat THAT as the safe baseline for system performance whilst gaming.

For offline games only, in theory you could run a full system scan, then if all is clean, physically disconnect your network (pull the cable/disable the wireless card), then disable the AV/Firewall - and don't insert any removable media whilst playing. Once you finish, enable AV/Firewall again before reconnecting to the network.

When playing online, just suck it up until you are able to improve your system and connection.

If you'd rather compromise security and your data so you can get an extra few fps or ms off your ping time, frankly you're making a foolish mistake. All it takes is for the game server to be compromised, or potentially even for a decent packet sniffer in the hands of an experienced hacker, and your system could be in serious trouble. These scenarios are not as unlikely as you might expect.

Know your system, know its limits, and don't push it so hard that you have to disable your security to play. It's not worth it.

Edited by SeraphTC