MadCat221

Trojan Uploader Alert on Nexus


A heads-up from Dark0ne:

 

This is a heads up announcement to please, for the love of all that is good, always keep your wits about you when downloading from here or anywhere on the internet.

There is currently an individual who is placing trojans within well known pieces of Skyrim software, such as the Skyrim Character Editor and even Skyrim Mod Organizer, and then uploading them as new files here on Skyrim Nexus (note, the original files here and here are NOT compromised, this user is uploading new files to the site masquerading as these files). This trojan has code within it that will retrieve any passwords you have stored in your browser and send them to the script kiddy's email address. The script kiddy is then using the details he has stolen from users "unlucky" enough to be exploited in this way, logging in to their accounts here on the Nexus and then uploading another trojan via the same method.

If you believe you may have fallen for this exploit then ALL the passwords you have stored in your browser have been compromised. You should change your passwords immediately for any and all sites you use, and change your passwords on any sites where you have used the same password, even if you don't have that site's login stored.

If you stick to common sense practices while browsing the internet then this will not be a problem for you at all. Things you should always be suspicious of or do:
 

  • Files with comments disabled that have only been uploaded in the past day
  • Elaborate and complex files uploaded by new users or users who have previously not uploaded a single file or made a single comment on the sites
  • Software that has absolutely no business using your internet connection trying to make a connection to the internet
  • Executable files, or files containing .DLL libraries unless you are absolutely sure it can be trusted.
  • Always, always run a virus scan on any files you download from this or any site you download from
  • If in doubt, don't download or open the file and wait to see what other more experienced users are reporting

I sympathise with the people who have been caught by this, but you got caught by this because you aren't using your common sense. Please, for your sake, keep your wits about you and don't let your guard down when downloading files on the internet.

If you don't have a firewall, or if your firewall does not warn you when new, unrecognised and untrusted software is trying to connect to the internet please follow these steps:

  • Find your router
  • Rip your router away from any connected cables
  • Open the nearest window
  • Throw your router out of it
  • Close the window

Honestly, get a firewall, install it, and understand how it works. Without one it's very possible your system is a drone in a botnet and likely a part of the perpetual problem of the internet that is DDoS'ing, something that we're no stranger to here.

 

 

I've seen it a few times, and the way they were uploaded always seemed fishy. I was not aware that the malignant was host-hopping though.

 


I saw this new "Mod Organizer" yesterday and I was pretty sure it was a virus. Like I always do I clicked the uploader's name and saw he was new on Nexus, and that it was his first mod. Then I noticed that comments were disabled.

 

Like Dark0ne said, common sense.


It's a pretty clever password harvesting method though. Whoever dreamed this up picked the perfect target audience for it. The people he'll likely continue to snare are the type that don't read. Anything. Not even news articles warning them of their doom.


I completely agree with Arthmoor. If people would only read, but they don't. One of the sad facts of life on the internet.


Well for paying customers at least, it is a good idea for Nexus to implement a scanning schedule.

All new files put up for download should have a <not scanned> flag until they are scanned.

 

A scanning robot isn't rocket surgery.  :blink:


At this point I'd have to say they ought to start scanning ALL submissions to the site before approving them to be available to the public. If a file has a virus, the file should be immediately removed and the entry put into the moderation queue for the staff to deal with.

 

I don't think it would be very practical to do this to all of the existing files already there, just on newly uploaded ones (including updates on existing stuff).


At this point I'd have to say they ought to start scanning ALL submissions to the site before approving them to be available to the public. If a file has a virus, the file should be immediately removed and the entry put into the moderation queue for the staff to deal with.

 

I don't think it would be very practical to do this to all of the existing files already there, just on newly uploaded ones (including updates on existing stuff).

We share the same opinion on this matter.


Yep,

The scanner should just pick up on the *.exe *.bat and *.dll files anyhow.

Any virus code able to replicate from use of *.esp *.dds or *.nif etc. _would_ raise some eyebrows.


It would need to scan inside the various archive formats (.zip/.rar/.7z/etc) in order to check all that. There are server side anti-virus products out there that can be used for this purpose.


It would need to scan inside the various archive formats (.zip/.rar/.7z/etc) in order to check all that. There are server side anti-virus products out there that can be used for this purpose.

Panda is one antivirus software that has the capability to scan a server, cloud-based network.

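The upload check discussed in the thread (flag .exe/.bat/.dll files and look inside archives), sketched as an added example that is not part of the thread and not Nexus code. It covers only .zip through the Python standard library (.rar and .7z need other tooling), it is a pre-filter ahead of a real antivirus scan rather than a replacement for one, and the function names, size limit and nesting limit are assumptions.

```python
import io
import zipfile

# Extensions named in the thread as the ones a scanner should pick up.
RISKY_EXT = (".exe", ".bat", ".dll")
MAX_DEPTH = 3            # assumption: stop unpacking nested archives past this depth
MAX_MEMBER = 64 * 2**20  # assumption: refuse to read members larger than 64 MiB


def triage_zip(data, prefix="", depth=0):
    """Return sorted (path, reason) findings for a zip archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.file_size > MAX_MEMBER:
                findings.append((path, "too large to inspect"))
                continue
            body = zf.read(info)
            if info.filename.lower().endswith(RISKY_EXT):
                findings.append((path, "risky extension"))
            elif body[:2] == b"MZ":
                # PE/DOS executables start with "MZ" whatever the file is called.
                findings.append((path, "executable header under another extension"))
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= MAX_DEPTH:
                    findings.append((path, "nesting too deep"))
                else:
                    findings += triage_zip(body, path + "!", depth + 1)
    return sorted(findings)


def build_sample():
    """Constructed sample upload: plugin data plus a disguised and a nested executable."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("tools/helper.dll", b"MZ\x90\x00constructed")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Data/mod.esp", b"TES4constructed")
        z.writestr("Data/textures/skin.dds", b"MZ\x90\x00constructed")
        z.writestr("extras.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in triage_zip(build_sample()):
        print(f"{reason}: {path}")
```

A file flagged here would stay behind the "not scanned" marker suggested earlier in the thread until a full scan or a moderator clears it.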
