Staff account compromise. What's happened and an apology.

[Zaldir]

 

In response to post #15480995. #15481145 is also a reply to the same post.

Thanks! I was always wary of Norton as I never paid for my antivirus before. I always got the free stuff. But that never worked. Then I tried Kaspersky which was okay for a time. But with new computers came new viruses and so far, only AVG seems competent enough to keep me safe. That and Addblock. I am at peace...for now!

 

I would recommend Malwarebytes instead of AVG. A setup with both Malwarebytes and MSE is so far the best setup I have used. Just make sure to have them exclude one another from the scans/Real-time protection.

 

And swap out Adblock Plus with Adblock Edge (and to those who are not Premium, remember to disable AdBlock on Nexus). ;)

[GguyWesker101]

darn,im glad i didn't download anything on that day,good job at getting it cleaned,how was the "hacker" able to get into the site's system in the first place,did he attack a moderator's account?

[zilav]

In response to post #15477990. #15479615 is also a reply to the same post.

Deleting can be done without approval, it won't hurt security in any way. Replacing files is what requires confirmation by at least 2 staff members.

[MikeW1985]

I would be recommending banning the hackers' isp, but that might hurt other lawfull users as well.

[snsmac]

Is it possibel to write a script, that uploads every new file automaticly to virustotal.com?

[thehorn2000]

In response to post #15486210.

dude its not like the hacker just gives you his ip,he probbably went trough several tunneling methods to avoid ip ban.i know i would if i planned to do something as foul as this.

[69mAnU96]

To my great surprise, I got an email from Nexus telling me to update to NMM 50.2.

Is there any connection with this story?

[zhaarteth]

Speaking of security concerns, I just received an email "on behalf of Nexus" from an address at karavaniers.com via mailjet.com. Obviously spam, but some mail services aren't very good at catching a lot of it. The only reason why I spotted this one was because I tend to check my spam bin for false positives.

 

The email in question was pretending to be an update notice for the latest NMM version. I'm certain the archive it linked to (zip named Nexus_Mod_Manager_0.50.2_Update) was malicious as it was hosted at an IP address that resolves to an AWS server.

 

If desired I can send the raw email in plain text to one of the staff (via PM) if nobody else has received it yet. It might not be all too important in the long run (spam spoofs happen all the time) but some might be tricked by this one in particular. It seems whoever designed it did a rather nice job at re-creating the Nexus look.

[zhaarteth]

In response to post #15487935.

I go to get tea in the middle of writing a comment regarding that exact subject and manage to get ninja'd in the process. Yeah I've a strong suspicion it's spam but I can't be too sure.

[Dark0ne]

It is spam. Well, it's not spam, it's someone specifically targeting Nexus users to try and get you to install their virus. But it's most definitely not from us.