
File downloaded without my permission?

Hi!


I recently got a new MacBook Pro; it runs on OS X Yosemite. I went on a website called mangahere.com on my admin account. Suddenly, a bunch of files titled "sugr.swf" and "sugr2.swf", all the way up to 7 or 8, downloaded themselves!


I did not click on anything, to my knowledge, permitting the download of these files. The website that I was on hosts translations of Japanese comics. I have to click to flip through the pages (so I travel from one page to another). I suspect this is used to trigger the downloads.


I immediately deleted the downloaded files and emptied my trash bin from the Finder, but I am worried there are other things on my Mac now that I am not aware of.


Help?!

MacBook Pro, OS X Yosemite (10.10.4)

Posted on Jul 18, 2015 4:53 PM


Sep 2, 2015 6:01 PM in response to marasca

This just started on my MBP a few minutes ago. I haven't visited any unusual sites. The only anomaly for my MBP today was the App Store's downloading OS X El Capitan Public Beta Version 6. After restarting, a dialog box popped up asking whether I wanted to make Safari my default browser or keep Google Chrome. That was followed by automatic downloading of sugr.swf. Oddly enough, I don't have Google Chrome on my MBP, or in my household on any other computer. I cleared browser history in Safari and removed all websites' data, but they kept repopulating before I even closed the preference window. Did yours stop downloading? Any other actions recommended?

Sep 2, 2015 7:38 PM in response to SebastienPage

I've already dumped my Safari history. However, I sent a copy to Apple via the Feedback Assistant for El Capitan (Mac OS 10.11 BETA). Another copy of sugr.swf downloaded a few minutes ago. I was on Wunderground's Wundermap at the time. A Get Info on the file showed that it came from Vindico.com and may have been associated with doubleclick - the ad side. Happy hunting!

Sep 2, 2015 8:23 PM in response to SebastienPage

No.

From the information I accumulated as to my experience today, coupled with what I've read at several websites about .swf files, I believe it safe to say that the problem came from the Wunderground website. I may be able to replicate that by emptying my history and cookies, et al, then visiting only the Wunderground website. I'll get back to you with the results.


The .swf files are, according to what I've read, only capable of playing Flash videos. However, I'm not willing to open them. If you like, provide me with your e-mail address and I will send you the next sugr.swf file that downloads to my MBP.

Sep 2, 2015 8:34 PM in response to SebastienPage

No problemo. I just logged into http://www.wunderground.com/wundermap/. Prior to doing so, Safari had only two cookies. That number immediately swelled to 38, so far, and the sugr.swf file downloaded yet again. I'll go back and clean it up, then avoid the wundermap for a while in hopes that they clean up the (probable) adware infestation.


If you develop any recommendations or warnings, please notify me. Also, if I may be of assistance in diagnosing or remedying, please notify me. I'm a retired investigator who still enjoys the pursuit.

Sep 2, 2015 8:38 PM in response to BPHart

I've done a bit of research and I think (note that I think and I might be entirely wrong) that this is not malware but just a Flash ad that doesn't trigger properly. VindicoSuite appears to be a legit ad network of some sort, and surprise: they have a product called Sugr. This makes me believe it is not actual malware but just a bad ad that doesn't behave as it should. But again, I could be wrong. I'll let you know if I do find out anything interesting.

Sep 3, 2015 7:11 AM in response to BPHart

I am getting the same thing. From my Get Info


"https://sdk.vindicosuite.com/sugr/swf/r/sugr.swf?vpaid=0&ppid=1&plid=373304&clid=3&volume=0&vasturl=https%3A%2F%2Fx.vindicosuite.com%2Fserve%2F%3Fv%3D5%3Bm%3D4%3Bl%3D373304%3Bc%3D850421%3Bb%3D3642054%3Bad%3DCLjkFhDHpQoY5gsgASgEMJmCATi2VUCs6xBIlIYNUPXzM1jGpd4BYImoAmiplx5wAngBiAEA%3Bxid%3D7824513083741692956%3Ba%3D37897%3Bdsd%3Dhttp%253A%2F%2Fimgur.com%3Bpasmc%3Dhttps%3A%2F%2Fbid.g.doubleclick.net%2Fxbbe%2Fcreative%2Fclick%253Fd%253DAPEucNWrNWc-bw_cb-8AAwc04goPPiBz7X7NA_oP57CpspZ85TRgKJt-KZgHS2hPu5BpZ7v3BxfseAK2fTkMbWb5A3dBCgnX7A%2526r1%253D%3Bpuid%3D8%3Br%3D%253Creferrer_escaped%253E%3Brnd%3D727114%3Bsurl%3Dhttps%3A%2F%2Fimgur.com%2Fgallery%2FxFUKf7a%3Btagid%3D21249%3Bts%3D1441287581%3Bu%3D%253Cpage_url_escaped%253E&stagew=300&stageh=250"
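Added example, not part of any poster's message: a "Where from" URL like the one quoted above nests further URLs inside percent-encoded parameters, so this sketch decodes it layer by layer and lists each host with the depth at which it appears, plus any template macros that were never filled in. The names `unwrap` and `SAMPLE_WHERE_FROM` are hypothetical, and the sample is a constructed, shortened form of the quoted URL.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: shortened from the URL quoted in the post above
# (same hosts and nesting; most tracking parameters dropped, values replaced).
SAMPLE_WHERE_FROM = (
    "https://sdk.vindicosuite.com/sugr/swf/r/sugr.swf?vpaid=0&volume=0"
    "&vasturl=https%3A%2F%2Fx.vindicosuite.com%2Fserve%2F%3Fv%3D5"
    "%3Bdsd%3Dhttp%253A%2F%2Fimgur.com"
    "%3Bpasmc%3Dhttps%3A%2F%2Fbid.g.doubleclick.net%2Fxbbe%2Fcreative"
    "%2Fclick%253Fd%253DX"
    "%3Br%3D%253Creferrer_escaped%253E"
    "%3Bsurl%3Dhttps%3A%2F%2Fimgur.com%2Fgallery%2FxFUKf7a"
    "&stagew=300&stageh=250"
)

# A URL ends at whitespace or at the separators this ad tag uses (; and &).
URL_RE = re.compile(r"https?://[^\s;&<>\"']+")
# Unfilled template placeholders such as <referrer_escaped>.
MACRO_RE = re.compile(r"<[a-z_]+>")


def unwrap(url, max_depth=5):
    """Return ([(depth, host), ...], [macro, ...]) for a nested ad URL.

    depth 0 is the host that served the file; higher depths are hosts that
    only become visible after that many rounds of percent-decoding.
    """
    hosts, macros, seen, text = [], [], set(), url
    for depth in range(max_depth + 1):
        for match in URL_RE.finditer(text):
            host = urlsplit(match.group()).hostname
            if host and host not in seen:
                seen.add(host)
                hosts.append((depth, host))
        for macro in MACRO_RE.findall(text):
            if macro not in macros:
                macros.append(macro)
        decoded = unquote(text)
        if decoded == text:  # nothing left to decode
            break
        text = decoded
    return hosts, macros


if __name__ == "__main__":
    found_hosts, found_macros = unwrap(SAMPLE_WHERE_FROM)
    for depth, host in found_hosts:
        print(f"depth {depth}: {host}")
    print("unfilled macros:", found_macros)
```

On macOS the value Get Info shows as "Where from" is stored in the file's `kMDItemWhereFroms` metadata, which `mdls -name kMDItemWhereFroms <file>` prints without opening the file.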

Sep 3, 2015 8:12 AM in response to jaybagley

As I suspected in my previous post, this is an ad gone bad. Not necessarily dangerous, but it's just not behaving the way it should. I had that ad show on my site yesterday and I contacted one ad network I work with who immediately disabled it. This ad is still going around other sites though, but again, I don't think there is much to worry about. Maybe avoid visiting these sites for a bit until they figure out the ad is bad and turn it off.
