Anyone else getting a random piece of crap pdf trying to save to your machine when simply going onto the FalloutNexus site?

I know I don't have a virus or anything, I think its one of the ad's from the site as it only comes up when the the ad loads. Its extremely irritating even though it only happened like twice in the past several days.

PS- I didn't allow it to download obviously.

Yup, thats happened to me. I thought it was just me, so I didn't speak up or anything.

Glad to know its not a virus, though.

Perhaps a better place to ask would be the forums on the site you're talking about?

Cipscis

Well I don't THINK it is a virus at least. More over since many of us go to that site, I thought I'd ask around here. Besides, I feel a little safer hanging around here asking than there waiting for it to screw something up.

Anyone else getting this strange crap? I'm sure its an ad, but It shouldn't be doing what its doing regardless. =/

been getting this thing as well was going to dl it and run it in a sandbox to see what the hell it is next time it pops up

Feel free, but I can't stress enough to be wary. Give us some insight if you wouldn't mind assuming you do. Oh and pdf's can easily launch viral websites and such so...yeah, be careful.

yeah i know, but ive got a backup from last week so can easily reinstall if something goes horribly horribly wrong 0_o

Much thanks, we're here if you could keep us posted what you find out. =)

ok so still havent been able to get the pdf to pop back up but i found this

http://thenexusforums.com/index.php?showtopic=179568&hl=pdf

do not friggin download it, it is a virus, looks like its been around since last month and the mods have not been able to get rid of it.

Get some http://www.google.de/chrome and https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom geez...

abp dosent block every single advertisemant known to man, i have firefox and abp + all the necessary subscriptions and this little bastard has still popped up

Cripes, just when you thought it was safe to go into the water =/

Thanks for the heads up. Well I won't be going to nexus till that's cleared up now, friggin piece of [censored] firefox auto downloads before you tell it too =/

So anyone using firefox IMMEDIATELY kill/stop and close the browser and all its tabs in as fast as you can if you see that on the nexus. Firefox will automatically download the damn thing even if you just sit there at the "save to" option.

I have been trying to find a way to kill that feature.

go to tools options applications look for pdf and set to always ask, i do this will all downlodable files, though if you dont know exactly what each option in there does id only mess with the pdf one.

I thank you for the tip. But alas the option is really not good enough. Even when the user is just sitting there looking at the "where to save file" option, firefox has already begun downloading it to the temporary file section hidden on your hard drive. Its very very bad that the browser does this as it can be dangerous. =/

http://my.opera.com/desktopteam/blog/2010/02/17/no-rest-for-the-wicked.

Except neither Chrome nor Opera have any sort of protection against this kind of attack. In fact, lacking a virtualized protected mode (that IE has), they're even weaker against it.

The attack is against Adobe Reader, which may or may not automatically load into your browser when it encounters a PDF. If it does load into your browser, and your browser is anything other than IE7/8 in protected mode, you are infected.

The solution is to replace Adobe Reader (by removing it) or to turn off Javascript within Reader.

Thanks for the tips Hat. =)

Surprising the nexus is not screening their ad's a little better. But I hope that problem will be fixed soon.

Hope people read this here first before allowing their machines damaged.

I use Firefox with AdblockPlus and have never seen any ads at Nexus but thanks to this thread and the advice from Hattix, I no longer have Adobe Reader on my computer. I installed http://blog.kowalczyk.info/software/sumatrapdf/index.html instead after seeing it recommended by other forum members and on howtogeek.com.

Glad to bring it to even a handful of people. I hate to be paranoid but Sometimes a little caution is good. Stay safe folks =)

Hard part is it's due to nexus iirc using an ad service and not handpicking ads.

Much like digg and facebook does, they don't choose the ads. They just let a third party put them up for them

It is way too easy for a service based ad to be compromised.

Was not aware of that fact. But that makes more sense. Ultimately though its us the end users who suffer. Sure the files do not seem compromised as of yet that I'm aware of. But neither do you want to casually forget and skip on over to the nexus and "oh fiddlestix, it ruins your machine".

Kinda just keeping this thread up because obviously people here go there a lot and it makes sense for people to be aware of this.

Thank you for letting us know. I don't go to the Nexus often, but I hope this situation can be resolved soon.

Fortunately, I don't have PDFs autoloading at all, so even if Firefox attempts to download it, it won't automatically launch.

And Firefox is a really good browser, although it fails on some webpages...

If you want an adblocker that simultaneously works for every browser, you can use an updated HOSTS file: http://www.mvps.org/winhelp2002/hosts.htm
Direct download: http://www.mvps.org/winhelp2002/hosts.zip

Hi folks,

This problem is related to a bad advertiser somewhere down the chain. Most small/independent sites will make use of third-parties to sell their advertising inventory as they have no time or social capital to strike deals with individual companies themselves. You actually deal with 2 or more third-parties that works in a chaining system; the first company will be your exclusive company that you give all your ad inventory to. They utilise it the best they can but some of the inventory they won't be able to show ads for either because they have none, they've reached their cap or the user isn't from a geographic location they're interested in, so that ad inventory gets passed on to a second company. Rinse and repeat as much as you want down a chain in format: Exclusive (first) ad company -> company #2 -> company #3 -> company #4 ... End.

Ideally you chain your companies in order of how good/effective/profitable they are, but in turn some of these companies might send some of your inventory to chains of their own, and this is where problems start. If they outsource some of your inventory to a company that isn't as reputable or stringent on their safety standards as the ones you've picked then you run in to problems. This will be what has happened here.

If you would actually like to help troubleshoot this problem then providing me with as much information as possible will be a great help. A screenshot of the ad in question and any URLs related to it would also be super helpful. I've already been on the phone to my ad agent(s) and spoken to them about it and we're all investigating it now.

You can use an adblocker if you want but obviously becoming a premium member (who see no ads on the site) would be preferable. Advertising income and premium membership are absolutely paramount to keeping the site(s) a float and people using adblockers are essentially leeching off the site. What with the sites making use of 8 different dedicated servers and serving 70TB of bandwidth at a constant 450mbit the bills are up to about $4000/month right now

Remember to keep your anti-virus and firewall up-to-date as well.

It needs to be added that by no stretch of the imagination is this the fault of Nexus.

Ads are bought from an agency, in this case, it's organised crime using stolen identities to buy the ads, which then include malicious PDFs. The agency doesn't know anything and the first thing site owners know is when their users are lambasting them for distributing malware.

Nexus isn't the only site that's been affected, some extremely high profile sites such as Fark and Washington Post also were affected.