IGNORE Any Posts Or Emails Titled : Critical Security Vulnerability

**Duncan Glenday** · 04-19-2017

WE HAVE BEEN HACKED!

If you get an email, or see any post from "Admin" telling you to follow a link to fix a security vulnerability ...

IGNORE IT

It's a scam.

Thanks,

The (real) Admin

**flytomars** · 04-19-2017

Damn, lucky I checked here, almost fooled me...

**Dave (in MA)** · 04-19-2017

I wonder what the "fix" does if someone falls for it.

If only they would use their powers for Niceness instead of evil.

**flytomars** · 04-19-2017

Wait a second,
How do we know that YOU are the real PE and not a hacker? I am getting confused

**Udi Koomran** · 04-19-2017

You need to make this warning more prominent

**AncientChord** · 04-19-2017

Woe, I almost fell for it too. But these days I question anything like that instead of blindly downloading. Glad I did!

**Rarebird** · 04-19-2017

I didn't fall for it. I never download something, just because some e-mail tells me so. I first look at the website.

**progcd54** · 04-19-2017

The email I received went directly to my "deleted" folder. Not a good sign for sure. I'll bet if you download and install the fix that the supposed virus is there in the download itself. NEVER install an ".exe" file you don't recognize as legit. Also..anyone who had visited in the past "24 months"...seriously...and we are just hearing about it now??? SCAM SCAM SCAM!!!!!

Here's the message:

There was recently a security vulnerability we found in our software. All users that visited within 24 months have been affected. It is known as HTML injections and have put a virus into you PC. We have updated and made a fix. This is a client to remove the affected code 100% and protect you from attacks like these.

This will be required for all members wanting to stay on the forum because of recent security issues.

This file has been scanned for viruses and there is no need to worry about it!

DOWNLOAD HERE>>> """http://sendspace.com/file/8kx8sf[/"""

"""https://www.virustotal.com/en/file/eb8bff16823e6bb79e91db9fb98bb7b0ea11a42ea9a50979f3 ad0c8d0927934b/analysis/1491961464/"""

We are very sorry for the inconvenience but we will be happy to see it that you will come back to ProgressiveEars

**Scrotum Scissor** · 04-19-2017

We're gonna find them and make them wish they'D NEVER BEEN BORN!

**Harbottle** · 04-19-2017

The hackers ruined Genesis!

**lovecraft** · 04-19-2017

A soon as you read it, the fact that English is not this persons first language, makes it dead giveaway. Some of the grammar would make my wife apoplectic with rage....

**Kavus Torabi** · 04-19-2017

I suspected it was a scam but nice to have it clarified!

**progcd54** · 04-19-2017

Originally Posted by lovecraft

A soon as you read it, the fact that English is not this persons first language, makes it dead giveaway. Some of the grammar would make my wife apoplectic with rage....

Great observation!!!

**Chain** · 04-19-2017

Probably a Phil Collins lover

**Halmyre** · 04-19-2017

Originally Posted by Scrotum Scissor

We're gonna find them and make them wish they'D NEVER BEEN BORN!

Yes, we're going to invite them into a R&RHOF topic.

**ske** · 04-19-2017

Thanks.

**thedunno** · 04-19-2017

But obviously the scammers did get their hands on the progressive ears users database.

**Adrian** · 04-19-2017

Originally Posted by lovecraft

A soon as you read it, the fact that English is not this persons first language, makes it dead giveaway. Some of the grammar would make my wife apoplectic with rage....

Yep. Whenever in doubt, consider how poorly the "warning" is written. It will rarely steer you wrong.

**Trane** · 04-19-2017

Yup, I also had this and was about to open a thread in the site issue section (someone else did)

Originally Posted by Udi Koomran

You need to make this warning more prominent

My first glance was in the Admin Site Issue forum to see if Sean/Coz/Duncan had posted there

Originally Posted by Rarebird

I didn't fall for it. I never download something, just because some e-mail tells me so. I first look at the website.

Exactly, my first reaction was to check the site for confirmation

Originally Posted by Halmyre

Yes, we're going to invite them into a R&RHOF topic.

Hey, no need to get ugly and murderous

**Zeuhlmate** · 04-19-2017

You should also always be alerted when the download link doesnt match progressiveears.org but is going somewhere else.

BUT there must be some kind of vulnerabilty, since the Opera browser warns you that progressiveears.org has a problem...

**Sordel** · 04-19-2017

Originally Posted by lovecraft

A soon as you read it, the fact that English is not this persons first language, makes it dead giveaway. Some of the grammar would make my wife apoplectic with rage....

Yes, it's strange to me that these people are so skilled at hacking yet don't get anyone to check their English. To be honest, it will be very difficult to tell a scan like this from a real warning if they put more work into the body text.

Can the admins here work out whether the hackers got just the user emails or did they get login passwords as well?

**Poisoned Youth** · 04-19-2017

Geez, the depths that Snake Oil Audio will go to get members...

Thanks, Duncan. Hopefully everyone checks here first for clarification.

**Poisoned Youth** · 04-19-2017

Originally Posted by Sordel

Yes, it's strange to me that these people are so skilled at hacking yet don't get anyone to check their English. To be honest, it will be very difficult to tell a scan like this from a real warning if they put more work into the body text.

Can the admins here work out whether the hackers got just the user emails or did they get login passwords as well?

Duncan is your best bet to answer that. The only thing I can surmise from the email is that it referred to me by my user name, which I think help provides a clue. So they may have just used the admin messaging system to send a mass email and not by collecting everyone's data.