Warning!


Neovalen

Question

This was posted by Dark0ne over on the Nexus today.

 

https://www.nexusmods.com/skyrim/news/12297/?

6 March 2014 13:40:26
Be careful: Trojans masquerading as popular executables
posted by Dark0ne Site News

This is a heads up announcement to please, for the love of all that is good, always keep your wits about you when downloading from here or anywhere on the internet.

There is currently an individual who is placing trojans within well known pieces of Skyrim software, such as the Skyrim Character Editor and even Skyrim Mod Organizer, and then uploading them as new files here on Skyrim Nexus (note, the original files here and here are NOT compromised, this user is uploading new files to the site masquerading as these files). This trojan has code within it that will retrieve any passwords you have stored in your browser and send them to the script kiddy's email address. The script kiddy is then using the details he has stolen from users "unlucky" enough to be exploited in this way, logging in to their accounts here on the Nexus and then uploading another trojan via the same method.

If you believe you may have fallen for this exploit then ALL the passwords you have stored in your browser have been compromised. You should change your passwords immediately for any and all sites you use, and change your passwords on any sites where you have used the same password, even if you don't have that site's login stored.

If you stick to common sense practises while browsing the internet then this will not be a problem for you at all. Things you should always be suspicious of or do:
 

  • Files with comments disabled that have only been uploaded in the past day
  • Elaborate and complex files uploaded by new users or users who have previously not uploaded a single file or made a single comment on the sites
  • Software that has absolutely no business using your internet connection trying to make a connection to the internet
  • Executable files, or files containing .DLL libraries unless you are absolutely sure it can be trusted.
  • Always, always run a virus scan on any files you download from this or any site you download from
  • If in doubt, don't download or open the file and wait to see what other more experienced users are reporting


I sympathise with the people who have been caught by this, but you got caught by this because you aren't using your common sense. Please, for your sake, keep your wits about you and don't let your guard down when downloading files on the internet.

If you don't have a firewall, or if your firewall does not warn you when new, unrecognised and untrusted software is trying to connect to the internet please follow these steps:
 

  • Find your router
  • Rip your router away from any connected cables
  • Open the nearest window
  • Throw your router out of it
  • Close the window

Honestly, get a firewall, install it, and understand how it works. Without one it's very possible your system is a drone in a botnet and likely a part of the perpetual problem of the internet that is DDoS'ing, something that we're no stranger to here.

  • +1 3
Link to comment
Share on other sites
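
An added example, not part of Dark0ne's announcement or any Nexus tooling: one way to act on the advice about executables and DLLs is to list them inside a downloaded archive before extracting anything. It assumes the download is a ZIP file; the function names, the extension list and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows will run or load directly (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd",
                    ".js", ".vbs", ".ps1", ".msi"}


def audit_mod_archive(archive):
    """Return (member, reason) pairs for entries that deserve a closer look.

    `archive` is a path or file-like object holding a ZIP file. Nothing is
    extracted or executed; only member names and their first two bytes are read.
    """
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = posixpath.splitext(info.filename.lower())[1]
            with zf.open(info) as member:
                head = member.read(2)
            is_pe = head == b"MZ"  # DOS/PE header that starts .exe and .dll files
            if is_pe and ext not in RISKY_EXTENSIONS:
                findings.append((info.filename, "executable hidden behind a harmless extension"))
            elif is_pe or ext in RISKY_EXTENSIONS:
                findings.append((info.filename, "executable or script content"))
    return findings


def build_sample_archive():
    """Constructed sample: a texture, a plugin, a DLL and a disguised executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Data/textures/armor.dds", b"DDS |\x00\x00\x00")
        zf.writestr("Data/MyMod.esp", b"TES4\x00\x00\x00\x00")
        zf.writestr("Data/SKSE/Plugins/helper.dll", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("readme.txt.jpg", b"MZ\x90\x00" + b"\x00" * 60)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for member, reason in audit_mod_archive(build_sample_archive()):
        print(f"{member}: {reason}")
```

A flagged entry is a prompt to check the uploader, the comments and a virus scan, as the list above says; a clean result does not replace that scan.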

  • 0

For the past week, on the Nexus, every so often I get a message from my antivirus program about blocking an intrusion attempt by an IP address (last time it was 54.225.134.94 at the URL: babybuzz.tv) using "Trojan.Boaxxe Activity 2".  I think it's one of the ads that loads up in that annoying ad window.  No doubt many of you have gotten the ad, since the Nexus only displays a handful of ads over and over again, and you all go there continuously for mods... Hopefully you have virus protection that has blocked that one offending ad.

Link to comment
Share on other sites

  • 0

I always use Adblock Plus. Even if I want to support the site, the truth is most viruses seem to spread through infected ads.

I guess the best thing to do is to buy lifetime premium rather than being bugged by ads which I believe won't generate much profit for the site anyway.

Link to comment
Share on other sites

  • 0

Another one: Trojan.Miuref Activity 2 (from 107.21.110.245, 80) URL: medicinearchives.com

 

This crap is annoying and very bothersome - starting to make me suspicious and paranoid of the Nexus.  I hope there's not some new one that my antivirus hasn't detected yet that gets through.  Overall I am grateful to the people that run the Nexus for creating the mod hub that they did, but why aren't the people behind the Nexus more careful about the ads they allow on their site?  Seems highly irresponsible to me to allow ads by companies who are attempting to spread trojans and viruses to unsuspecting visitors.

Edited by oqhansoloqo
Link to comment
Share on other sites

  • 0

Someone has to report it first.

Besides, it's a bit more complicated. If I understand it correctly, it works something like this:

Nexus sells banner space to some company X. That company manages various ads from other companies and/or individuals, who pay for having their ads placed somewhere. Some of those occasionally (or quite often actually) decide to try to spread some virus or malware that way, and it's not always caught by whatever security measures the company X has in place.

Link to comment
Share on other sites

  • 0

That is correct. It's a huge problem that the companies that manage the ads they put on their clients' sites are not really monitored in any way because that would cut into profits. It's all about the Benjamins.

Link to comment
Share on other sites
