Ransomware popup from Nexus site!?

[Chibiabos]

Okay, confession time -- I run AdBlock. I've been running AdBlock because JUST BROWSING THE INTERNET, my computer -- which isn't a cutting edge gaming system, but its a modest budget homebrew not crippled with the demoware crap that comes with an OEM computer -- my system would lag horribly (again, JUST BROWSING THE INTERNET), with browsers (FireFox which I gave up on entirely, but even Chrome gets afflicted) swelling to several GB of memory usage and choking out a core. A friggin WEB BROWSER. Flash and Java seemed likely culprits ... while I respect webmaster's need to fund their bandwidth costs through ads, the flash and java ads are just so bloated that they kept choking my system ... add to that, once in awhile malware would be embedded in those java or flash ads.

 

That being said, I have felt a bit guilty, I know when I use a site I don't pay for, those operating the site need to pay for it ... so reluctantly I caved to Nexus' guilt tripping and turned off Adblock on Nexus. WITHIN HOURS, I got a RANSOMWARE POPUP. I took a screenshot, then used Task Manager to kill the browser. I immediately rescinded Nexus' exemptions on Adblock.

 

Now, I'm not a security expert, which means I cannot guarantee that this ransomware popup came through the Nexus ads ... but this is the very first time since installing AdBlock that I have had a malware popup like this, and the following facts I can guarantee are true, it seems suspicious beyond reasonable coincidence that the popup resulted from ads displayed on the Nexus site:

 

• The Nexus site was the only site I had opened (I had several mods I was perusing in various tabs as can be seen)
• Timing is beyond reasonable coincidence, given:
  • I have not had a single popup like this since installing Adblock more than five years ago
  • I browse the internet a lot (and so there were plenty of opportunities for other sites to give me this popup)
  • This popup occurred within a few hours of my having exempted Nexus from Adblock

 

I ABSOLUTELY KNOW AND TRUST the Nexus operators would not knowingly allow users to be exposed to malware like this. While I'm not an expert, again, its my understanding Nexus gets money from a third party that pumps in advertisements that Nexus embeds on its site (all Nexus does is embed the code to display the ads, the ads themselves are made by third parties). Unfortunately I know a post like this can prompt people to believe the Nexus admins/operators are trying to infect their computers intentionally, but I have no reason to believe (and in fact readily disbelieve) this is true. These java and flash ads ultimately, I think, get handled in bulk by the third party ad revenue vendors. They do not properly screen the ads (even though malware is rare, bugs and bloat are ubercommon), and what automatic screening they do they probably rely too much upon ... its a cat and mouse game, the malware makers will always have an advantage that they can keep poking whatever security filters the ad companies have until they find a way to write malware like this that will finally get through.

 

While I again don't believe at all anyone at Nexus did anything intentionally nefarious, and while again I cannot guarantee this malware popup came through ads on Nexus, I think the circumstantial evidence is simply too strong to ignore and stay quiet. I think the circumstance is worrisome enough to put out this alarm call. I regret this will probably mean some people whom had allowed Nexus to display ads will probably turn them off, but I think that's lesser damage than, say, staying silent when there's reasonable suspicion of a serious security breach here. I don't know if there's anything Nexus admin can do on their end to clamp down, work with their ad vendor, hunt down the source of this, put them out of business and tighten security so users can browse safely with ads. I hope Nexus understands the pennies they get from each individual user's ad impressions should not be worth exposing users to malware attacks like this, that just doesn't balance out. I realize the screenshot (ugh, 250 KB limit? jeez, had to reduce screenshot to 16-colors) is probably not eminently useful (but I would feel ReallyGood if somehow it proves crucial to putting an InternetBadGuy out of business!).

[SirSalami]

Very sorry to read of your troubles Chibiabos, and thank you for at least attempting to support our site by disabling adblocker.

 

Due to the way that our ads are served to us/you, it's highly unlikely that the malicious content was a result of viewing an ad on our site. Not impossible, I suppose, but very very improbable. We use reputable ad provider who ultimately, would be responsible as you pointed out. I'm happy to investigate but unless the situation becomes more widespread, it's difficult to make assumptions about our provider.

 

Like you, I'm no security expert, however it may be prudent for you to run some sort of malware cleaner (like malwarebytes). Also, PC Gamer recently ran an article about free antivirus packages that may be of interest.

 

Oh, and from personal experience, ad-blockers actually are very memory hungry extensions to already bloated browsers. Running ad-blockers on older machines, again only my experience, have actually resulted in an even slower browsing experiences for me.

 

I hope this helps.

[souljasnake]

This also happened to me only thing open was nexus and it popped up and i had to close it with task manager. It even had the same exact text. So now i set adblock to disallow ads for this site.

[IsharaMeradin]

I remember seeing this too.

[Chibiabos]

As a side note, I have been trying to buy that sponsorship thing, but for some reason neither the Paypal nor debit card options are allowing the transaction to proceed. :( Unfortunately all I get are generic, nondescript "we were unable to process your transaction" messages from both Paypal and the onsite card processing. Are only users in the UK able to buy the sponsorship?