Another note on site security, your security, and a malware email doing the rounds

[bjmutt]

Hello was reading and I have learned one thing. I get emails from my bank and other places I deal with. I never click on the e-mail link. I always got to the site I have bookmarked. I also use PC Pitstops

PC Matic. it has a super shield with both white lists and black list. have used it for 5 yrs. nothing has got in or out of my pc without my knowing about it. PC Matic stops it dead. If I download a file or program. it will notify me if it is a bad program. happy gaming themutt

[Saerileth]

In response to post #15638610. #15690370 is also a reply to the same post.

Usually executables (.exe-files) are the only thing you need to worry about, and as long as you scan them before running them you should be fine. Self-extracting archives can be a threat too sometimes, but other than that most mods are pretty safe... I don't know if it's even possible to pack a virus into a mesh or texture file, and even if it is it's probably not too common since Bethesda uses it's own file types for those things that nobody else uses, so there wouldn't be much to target.

[ldsman]

Does anyone know if this is fixed or not yet? I mean Dark0ne said he updated the site but didn't mention if this was completely fixed or not.

[mightymouse65]

Just to let staff and people know that upon upgrading NMM to .50.1 legendary today there were 3 apachi hair mod files waiting to be downloaded and presume those contain the viruses mentioned in article here.I never tried to upgrade or download those apachi hair file mods.I removed the downloads waiting.Be nice if the new Nexus Mod Manager itself didn't come with viruses attached as well!!!!

 

sorry-correction: "0.50.1 Legacy Beta" . I used the upgrade button on the manager itself to do the upgrade.I tried installing the 0.50.3 from Nexus site here and it said it does not support my windows xp version.When clicking the upgrade button on the manager itself it says I am up to date at .50.1.Do I have a bad mod manager installed?I seem to be running fine and have changed password today.

 

ran malware bytes and show none found and no spam in e-mail.Hope I am ok and good to go still.I meen no offence and only wish to say that upon upgrading I seen 3 downloads sitting there,all apachi hair mods.That seemed to be what was mentioned in other article about how the virus was getting transferd so wanted to give a heads up to staff that it may be attached to the manager itself when upgrading through the manager upgrade button.

Edited June 21, 2014 by mightymouse65

[Thandal]

There is no such thing as "NMM .50.1 Legendary". The current version is: 0.50.3, and the only download links you should trust are those posted here on the Nexus sites (not in user comments, but on the site itself!)

 

Ahhh... The "Legacy" version. Glad to learn someone wasn't distributing malware as "NMM Legendary" ! :laugh:

Edited June 21, 2014 by Thandal
Updated to reflect correction to previous post.

[VTPhoebus]

I'm not sure if this is related to the breach in site security, but almost every time I log into Skyrim Nexus over the past few weeks, my NAV goes off telling me of an attack that has been prevented. This ONLY happens on this site.

 

This is the information I have about the most recent attack:

An intrusion attempt by 23.23.126.79 was blocked by NAV

IPS Alert Name: Trojan.Miuref Activity 2

Attacking Computer: 23.23.126.79, 80

Attacker URL: can't cut/paste here so I'll have to skip that :| (starts with "artsconstruct.com" )

 

I hope this information is useful.

[kira29]

In response to post #15800675.

I'm having the same issue I was gonna check the hotfiles on Skyrim and everytime come here to Nexus my Norton Anti-Virus keeps saying a Trojan was blocked from an attack lol so hopefully this is resolved soon and back to normal. :) Edited June 22, 2014 by kira29

[Deleted133263User]

@ Robin

 

 

 

Our login mechanism will soon be using SSL, a long over-due addition. We are looking in to implementing two factor authentication on account logins similar to how Facebook and Steam Guard work; if you login from a different location we'll send a unique code to your registered email address before you can login.

 

Probably something for the future, but have you heard of SQRL ?

 

Steve Gibson is still working on it

 

https://www.grc.com/sqrl/sqrl.htm

 

The info page links at the bottom of that page are still being fleshed out, but its coming along quite quickly.

 

The web browser implementation will require a plugin, but you then just click to login

 

 

 

Hold on a second . . . We send the website a signed bunch of gibberish? That's it?

Yes. And that's exactly the point. SQRL provides absolutely anonymous identity authentication (IA). Users are identified only by a random “opaque token” and each unique combination of user and website creates a unique identity token. Thus, every user presents a unique identity to every website they visit. It is up to the user and the website to then (optionally) bind the user's unique SQRL identity to a real-world account on the website.

 

Edit: Development topics are in the grc.sqrl newsgroup http://12078.net/grcnews/thread.php?group=grc.sqrl

Edited June 22, 2014 by Guest

[RunicSaiyah]

its apprently some kid makeing threats around this time named Joeshadey on steam workshop and he says and i quote "we at annomouse hit the nexus a cou0ple days ago with a nast little suprise, got in thire admin account and uploaded virusres,, the nexus is denying that it was over theire banning to save face. but fair warning, dont use that site, we have uploaded 50 more viruses in thire database wich is set to destroy anyones system thaty uses the nexus pages,. we will be taking that site over secretrly then we will destroy it." probly some little kid whod mod dident work and no one liked likely lol but nexus if you can trace his little "virus" back to his IP and take leggil action agenced that little dipstick sorry for the poor spelling on my part english isent a 1st language :(

[DrakeTheDragon]

In response to post #15909445.

My personal advice:

I definitely wouldn't mind that one. Those who actually were after what happened would never even dare admitting it was them in public. They're more professional and know better. It was a 'capital crime' after all. They can arrest one already for just 'pretending' it was one. And a Steam account is way faster tracked back to one's home address than any IPs used for the attacks could ever be.

This 'kid' didn't even read the news what this all actually was about. It wasn't viruses, it was a Trojan. Trojans don't destroy your systems, they take them over. They'll be remote controlled, added into a bot net, used for future hacking attempts on other, more secure systems.

Heard of Seti@Home already by chance? That's the gist of it, distributed computing, just that the infected systems won't just help with some ultra-complex mathematical calculations, as in the case of Seti@Home, but with mass-attacks on companies' password forms and other gateways instead, highly illegal stuff.

Apart from the damaged reputation no harm was done to the Nexus servers or operations. This wasn't targeted at Nexus but at the users. Thus it's highly unlikely to be anything else but a rather professional attempt to gather as many high-jacked computers for one's bot net as possible, using a very promising target group of exceptional scale and with expectably low security measures on their PCs.

This was no gamer's or hobby hacker's doing, Anonymous wouldn't even touch these things. This was serious 'cyber criminals' at work, nothing else. Edited June 25, 2014 by DrakeTheDragon