ub3rman123 Posted September 24, 2010 Share Posted September 24, 2010 In case they're found useful at all, I took some screenshots of Google's diagnostic on the risk of FO3Nexus, BlackTreeGaming.com, and some IP linked to both that seems to have a ton (123) trojans on it. http://i1023.photobucket.com/albums/af356/ub3rman123/Page3.jpg?t=1285366051http://i1023.photobucket.com/albums/af356/ub3rman123/Page2.jpg?t=1285366050http://i1023.photobucket.com/albums/af356/ub3rman123/Page1.jpg?t=1285366050 Link to comment Share on other sites More sharing options...
LHammonds Posted September 24, 2010 Share Posted September 24, 2010 And this is what the initial page looks like before you get to see that extended information: NOTE: This page will continue to show up for an unspecified amount of time even after the site has been verified to be clean. http://i228.photobucket.com/albums/ee11/Conan_Lon/Oblivion/TESNexus/TESNexus_ReportAttack1.jpg Link to comment Share on other sites More sharing options...
joquanpro Posted September 24, 2010 Share Posted September 24, 2010 Hmm, this is the second time that this site has been injected with a malware code. I begin to wonder if this site truly is secure... ~Jake~ Link to comment Share on other sites More sharing options...
lostami Posted September 24, 2010 Share Posted September 24, 2010 Ya i got attacked by this to about a day ago.. but my AVG being it's over reactive self stopped it in it's tracks.... AVG may be a pain in my ass some times but it more then pays off in when this happens. Good to see the admins are on top of this, personally I'll wait for the filter to be updated before using Nexus again... not a hair up my *** don't mind me.But really thanks for posting a thread really helps ease the mind. Link to comment Share on other sites More sharing options...
BooneoftheWasteland Posted September 24, 2010 Share Posted September 24, 2010 Arghh! My GF is busy this weekend and I was going to do some serious downloading of mods for a new game for all weekend!!! Dang it's crimping into my FO3 time! LOL! :wallbash: :biggrin: :thumbsup: Link to comment Share on other sites More sharing options...
Thor. Posted September 24, 2010 Share Posted September 24, 2010 (edited) Yup!! still getting that redirect, this is kind of annoying, but i know it'll be resolved soon. Using Firefox with no script and add block plus flash block. http://www.tesnexus.com/downloads/latest.php?page=3&orderby=&order= Keep it up Dark0ne for removing those nasty virus's.. Kaspersky rules :thumbsup: Edited September 25, 2010 by Thor. Link to comment Share on other sites More sharing options...
Dilir79 Posted September 24, 2010 Share Posted September 24, 2010 WoW, and i thought it was a false alert O.OI'm still getting this Alert and running my anti-virus as we speak , hopefully everything gets fix Link to comment Share on other sites More sharing options...
vs001 Posted September 24, 2010 Share Posted September 24, 2010 Still serving trojans as of Sep 24, 2010 at 4:40 PM MST. AVG detected and prevented one from the Download selection page. Link to comment Share on other sites More sharing options...
Dark0ne Posted September 24, 2010 Author Share Posted September 24, 2010 Still serving trojans as of Sep 24, 2010 at 4:40 PM MST. AVG detected and prevented one from the Download selection page. Anyone else confirm this? I can't replicate it. Link to comment Share on other sites More sharing options...
LHammonds Posted September 24, 2010 Share Posted September 24, 2010 (edited) joquanpro, this site has nothing "injected" into the code and the site's assets (files, mods, images and code) were not compromised. A marketing ad server was compromised. The marketing firm that Dark0ne works with sub-contracted that particular ad among the many other ads. They are not centralized...just the service is centralized. When the remote ad server is compromised, it is then pulled by the marketing company and served to the Nexus which then displays the subscribed ad...which the infected ad then runs on your browser. This has been the target of choice for infecting PCs over the Internet because it is the easiest way to sneak code onto an end-user's PC. The same sort of garbage happens even to Microsoft, NBC, and any other web site (trusted or not) that utilizes ads from remote servers. This is why I do not use Internet Explorer anymore...because IE had too many controls to allow web sites to automatically and silently install and execute code on your PC. I now use Firefox with NoScript and Adblock Plus (I also like WOT). I typically allow scripts to run on sites I trust if the site functionality requires it but usually do not allow remote code to execute. You'd be surprised at how many external sites are used on a single page (e.g. web services). I typically allow ads to be displayed on the Nexus but when something like this pops up, I have the ability to block the ads until the situation is resolved. Then I let the ads flow freely again. Keep in mind that if you are not a premium member, those ads are what helps keep the Nexus alive by paying bandwidth and server bills. Moral of the story is, a web site should never be considered "secure" enough to let your guard down completely. Always be ready and have backup plans and safeguards in place in case something wonky does occur. LHammonds Edited September 24, 2010 by LHammonds Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now