Nexas staff: Shady looking mod just posted, probably virus trap

[HIMPDahak]

There is a VERY shady looking mod posted by desuccubi (a new ID just created today). It is a nude mod that is FAR too advanced for this point in the game's life, comments are disabled, the pictures look like they are from New Vegas, and the file is password protected with a link to a download site to download the password. Because I like to remain unvirused, I did not attempt to download the password to test my theory that this is a trap.

 

Mod link: http://www.nexusmods.com/fallout4/mods/329/?

 

Edit: And I apparently forgot how to spell Nexus so now my posting about a shady mod looks shady :P

Edited November 13, 2015 by HIMPDahak

[Oubliette]

Ok, when you find something suspicious about a specific mod - please use the "report" button located on the mod's download page (It's the little triangle with the exclamation mark in the middle directly below the mod images) and fill out the form accordingly.

 

There are hundreds of new threads posted every day, it's easy for the staff to not see a thread aimed at them. Which is why we have the report features for mods, users and threads, which only the staff can see and are sure to look over asap.

[HIMPDahak]

Oh I did, but this is as much to warn everyone else as best I can. It looks like it has been downloaded around 250 times so far and if I can prevent one person from getting scammed I will count it as a win.

[falloutboy65]

Agreed. I tried to load the pw link in a Sandboxie session with Private Browsing and NoScript on.

For a sec you see 'icon' called password.txt before you get immediately re-directed to 'widget.sharecash.org/nojs.php' complaining that JavaScript is disabled. So can't say (and won';t find out) what's there.

 

reported.

[tonicmole]

Reported also. It's odd that there is no category for malicious file. Seriously? Just went down as I was typing. We win!

[yunage]

It's gone. Good job gentlemen.

[tomomi1922]

Now I am curious what that mod looks like. Spam emails I have seen a lot, spam/malware mod I haven't seen.

[bben46]

It is against Nexus policy to upload password protected files at all. Just because of what this shows - it is too easy to hide malware or stolen mods behind a password. Thanks for reporting this. :thumbsup:

[TWarrior]

good job gentleman! thank you for reporting and also posting here! also thank you for moderators to take this down so fast!

[zanity]

An old and tedious SCAM that is rarely about 'trojans', but usually gets the conned individual to visit web-pages and complete activities that get the scammer a tiny amount of money for each page 'impression'.

 

But please remember, if you can see 'ads' or 'flash video' (or PDF files on Firefox) on your browser, an attacker can use this fact as a vector to load a trojan on your computer. Given that the most 'respectable' media sites have served MILLIONS of trojans to visitors in the last few years, via ads they illegally claimed to have no responsibility for, everything online must be considered a risk.

 

Funny fact- the password con originally gave people access to a real file, when they jumped through all the password hoops and filled out all the surveys requested. But the criminal scammers then found offering fake files worked pretty much as well.