Nexus Mods attacked by VIRUS

The popular site for mods for Skyrim, Oblivion, morrowind, and a ton of other games was infected yesterday. Someone got access to an admin account (who likely got a keylogger) and made changes to some of the most popular mods for all recent Bethesda games. The most popular mods like SKYUI were compromised and replaced with a virus.

If you downloaded any of these mods between 12pm and 2.30pm GMT yesterday, you are infected:

SkyUI
ApacheiSkyHair for Skyrim
Fallout 3 Redesigned - Formerly Project Beauty for Fallout 3
Project Nevada for Fallout New Vegas
Oblivion Character Overhaul version 2 for Oblivion

Among these are changes to the ads, which sends some German users to a fake page that claims to download java. Even if you didn't install these 5 mods, but you did install other mods, its good practice to check your PCs for anything.

What do you think escapist? Unacceptable? Understandable? Did you download anything yesterday?

source:
http://forums.nexusmods.com/index.php?/topic/1790875-staff-account-compromise-whats-happened-and-an-apology/

Well that sucks. Obviously terrible that it's happened - any kind of hosting site is an appealing target to these kinds of attacks because of the vectors they offer for further infection. You can't really blame Nexus for it though - they hardly have an extensive budget and I imagine it's hard enough keeping everything hosted and dealing with the traffic without worrying about top-of-the-line security as well.
Which is why you should always, always scan downloaded files, both before and after unzipping, with a decent AV.

Frankly, sites like Nexus get kudos from me for not trying to bundle their downloads with all kinds of bloaty, borderline malware-y crap like you get on cnet or whatever. Being an innocent victim of an attack doesn't negatively affect their rep as far as I'm concerned. The fact that they've extensively documented what happened and issued appropriate advice enhances it if anything.

Good thing I haven't been on that site in a while. I'm glad we have news of the attack by now. As far as I know, the fault doesn't lie with them.

"Within 20 minutes the file was removed".
That's...amazing.

Wish bigger companies, with millions to spend, could be that open about it.

Tanis:
"Within 20 minutes the file was removed".
That's...amazing.

Wish bigger companies, with millions to spend, could be that open about it.

pfffffft. I would say it's spectacular that the attack was reported within a week...Maybe months after...

Shit happens, you can't really blame them for it and they got on top of it very quickly. Even if you trust a site you should scan files you download because this can happen to any site.

i hate it when that one douchebag ruins everything for everyone else

kids, never be THAT guy

I could never be mad at Nexus. They do such an amazing job providing for the modding community.

Holy wow. I literally thought JUST last night "Ya know, I wanna redownload a bunch of Skyrim mods and start over", but got distracted by Uplink.

Saved my bacon, it looks like.

Fucking hell, I downloaded the Oblivion Character Overhaul on the 6th..

today one of the few times that I am happy that I am pretty fail at installing mods (I just use steam workshop :P)

lacktheknack:
Holy wow. I literally thought JUST last night "Ya know, I wanna redownload a bunch of Skyrim mods and start over", but got distracted by Uplink.

Saved my bacon, it looks like.

In the exact same boat on that. Me and my buddy were talking on it last night and he said I should just remove everything, download the top 5 mods currently up, and try with that... Glad I decided to just not bother with it that evening!

TaleWorlds has also had their Mount & Blade servers attacked. There's certainly some strange shit going on. Not sure if they're connected - both have intense modding communities, though, so there may be a link.

It was dealt with quickly, efficiently, and reported within a reasonable time frame.

Now if other websites could perform in a similar manner then I would be impressed.

OneCatch :
Well that sucks. Obviously terrible that it's happened - any kind of hosting site is an appealing target to these kinds of attacks because of the vectors they offer for further infection. You can't really blame Nexus for it though - they hardly have an extensive budget and I imagine it's hard enough keeping everything hosted and dealing with the traffic without worrying about top-of-the-line security as well.
Which is why you should always, always scan downloaded files, both before and after unzipping, with a decent AV.

Frankly, sites like Nexus get kudos from me for not trying to bundle their downloads with all kinds of bloaty, borderline malware-y crap like you get on cnet or whatever. Being an innocent victim of an attack doesn't negatively affect their rep as far as I'm concerned. The fact that they've extensively documented what happened and issued appropriate advice enhances it if anything.

right on the nose. it's fucking impressive with what little they have in terms of budget how friendly that website is in downloading and helping users out. One of the major reasons why I fucking love mods and what they do for games. And as said, they were completely open about it and got that shit stomped on pretty quickly, can't ask for better than that when shit happens.

Cheers for the heads up, OP. Well done.

Looks like the breach was handled well by the Nexus moderators. Hope that people who did download those files during the affected time period see the news.

 

Reply to Thread

This thread is locked