Google was certainly my friend for this attack. I had two siginificant blog postings disappear, but thanks to Google's cache, I was able to recover them.
Curious about the site attack
- Thread starter KingConrail76
- Start date
Google was certainly my friend for this attack. I had two siginificant blog postings disappear, but thanks to Google's cache, I was able to recover them.
If it reassures people, I saw absolutely no sign either in Microsoft Security Essentials realtime protection or a subsequent MalwareBytes scan of anything installed during during the brief time the forums had the popup visible. As I said, though, I didn't attempt to touch the popup or navigate away from the page by the back button, I used the bookmarks to revisit the site, so if people did click OK or the close popup symbol, they might have got stuff I didn't.
Someone up thread said that e-mails were exposed, and this may was to harvest addresses. I have just received an email purportedly from N3V Games offering a cheap upgrade. Is there any chance this is a scam? I have to say that it looks legitimate, but the timing is making me suspicious.
shaneturner12
Tutorial Creator
There is an active legitimate sale on Trainz 12 at the moment - if you are unsure of the email, check Simulator Central itself (which has not been affected by the attack).
Shane
Shane
mezzoprezzo
Content appreciator
Popup
.
This is what I saw (censored in red pencil by me) when attempting to log in through the Spartan looking screen.
On seeing the popup I clicked on nothing more, immediately closing the Browser using the, “three fingered salute”, (Ctrl+Alt+Del) to open Windows Task Manager and simply ended the Task.
Reopening the browser (Chrome) offered the usual option to restore previous pages where they hadn't been properly closed - answered, of course, with a firm NO!
Two full antivirus system scans later, nothing untoward found.
Cheers
Casper
.
This is what I saw (censored in red pencil by me) when attempting to log in through the Spartan looking screen.
On seeing the popup I clicked on nothing more, immediately closing the Browser using the, “three fingered salute”, (Ctrl+Alt+Del) to open Windows Task Manager and simply ended the Task.
Reopening the browser (Chrome) offered the usual option to restore previous pages where they hadn't been properly closed - answered, of course, with a firm NO!
Two full antivirus system scans later, nothing untoward found.
Cheers
Casper
cascaderailroad
New member
I wonder who would do such a devious dastardly attack ? Possibly a disgruntled RR Simulator employee (of Hmmmm) ... or a person that bought TS12, patched to SP1, and was severely ticked off ? ! ?
Why ... Why ? ? ?
Why ... Why ? ? ?
Hackers don't always have a or need a motive, they can do it just because it's there. Just knowing they aggravated people is their reward. I submit all this chatter is contributing to their glee and satisfaction.
PortLineParker
UK Route Builder
Yes, I received that popup as well. Quite funny at the time actually... I've scanned my system and detected a small virus, but I don't think it was caused by the forums.
PortLineParker
PortLineParker
mezzoprezzo
Content appreciator
At one point I thought the slimmed down Forum (and popup!) might have been an internal N3V/Auran test system which had been accidentally exposed to us mere mortals, but I guess that wasn't the case!
Blutorse4792
Now T:ANE I can get into
I visited several times that day, though I got no messages about the world's oldest profession. My machine is clean, just ran a scan.
I worked in the IT world, as many of you know, for many, many years. Part of my job was to monitor and update my servers and end-user PCs and workstations, and keep their antivirus update-to-date at all times. This by far is only a small part of fighting malware. The other part is educating the end-users on how to be suspicious of odd behaviours, not to click on weird pop-ups, etc.. By combining the two approaches, I was able to keep the virus infections to a minimum. From what I have seen here, you guys, and I mean the community members, have done a commendable job of staying on top of the end result of this attack!
By being aware of what happens all the time, and what is not so ordinary, you were ready to pounce and scan your machines for malware immediately. This really is something I haven't seen in quite some time, and in particular in an internet forum community. A few people had infections , although I do suspect that they have come from other sources, and not these forums. The popup messages, as malevolent as it appeared, may very well have been just that, a popup. There is nothing wrong though about being paranoid when something like this happens. We have a lot at stake here! Our whole virtual world exists as little bits and bytes. ones and zeros, and nothing more. If this is jeopardized, everything is lost.
If you are interested in more information on malware, visit the Parts & Labor forum, I wrote some interesting posts on this subject in the thread entitled antivirus.
John
By being aware of what happens all the time, and what is not so ordinary, you were ready to pounce and scan your machines for malware immediately. This really is something I haven't seen in quite some time, and in particular in an internet forum community. A few people had infections , although I do suspect that they have come from other sources, and not these forums. The popup messages, as malevolent as it appeared, may very well have been just that, a popup. There is nothing wrong though about being paranoid when something like this happens. We have a lot at stake here! Our whole virtual world exists as little bits and bytes. ones and zeros, and nothing more. If this is jeopardized, everything is lost.
If you are interested in more information on malware, visit the Parts & Labor forum, I wrote some interesting posts on this subject in the thread entitled antivirus.
John
recdriver1023
Member
This morning at 11:04 when I was reading the forums trend-micro removed a malware called TSPY_installcore_BKO I don1y know if that had anything to do with this or not Roger
Hi Roger,
That's an interesting one as it is related to spam. You could have picked this up anywhere including from an email with embedded code.
Your best bet would be to scan your system with a full scan.
John