Safari malware offers Flash Upgrade
I have the latest OS X and latest Safari installed on a macbook purchased 2 months ago.
When I try to access wunderground.com, after navigation there, one of several types of dialogue boxes will open that tell me that my Flash is out of date.
Trying to escape this mess, one may end up downloading several files that portend to be .dmg files that have an update to Adobe Flash. If one mounts these disks, it is immediately obvious that these .dmg did not come from Adobe.
One of the web sites that this web page refers you to is: http://liveupdate.upgrade-pro.org
I don't suppose anyone would be surprised to discover this is in Europe.
I have gone to the Adobe site and ensured I've installed the latest flash. This did not stop the pop-ups.
I turned off flash and deleted it completely according to Adobe instructions. The pop-ups still happen.
I've tried several other "off-the-wall" ideas that I won't mention here to avoid embarrassment.
I have another macbook set up looking at exactly the same pages from wunderground.com. It has not had these dialogue boxes pop up.
This is not the first box to show up, but note that this is a really, really old version of Flash
This is an alternate dialogue box that might appear. This one comes from a totally different web site
This problem (AFAIK) only affects wunderground.com pages (which are not affected on my other computer)
Here is a trace route to the web site that is pushing this bogus flash on me.
bash-3.2$ traceroute liveupdate.upgrade-pro.org
traceroute to liveupdate.upgrade-pro.org (62.210.93.163), 64 hops max, 52 byte packets
1 10.0.1.1 (10.0.1.1) 4.267 ms 1.139 ms 1.886 ms
2 cpe-50-113-48-1.hawaii.res.rr.com (50.113.48.1) 27.453 ms 23.238 ms 10.457 ms
3 24.25.234.97 (24.25.234.97) 31.455 ms 31.439 ms 32.666 ms
4 agg29.milnhixd01r.hawaii.rr.com (72.129.45.182) 17.099 ms 20.391 ms 18.195 ms
5 agg31.lsancarc01r.socal.rr.com (72.129.45.0) 64.323 ms 63.733 ms 62.789 ms
6 bu-ether16.lsancarc0yw-bcr00.tbone.rr.com (66.109.6.102) 66.545 ms 63.616 ms 72.398 ms
7 0.ae1.pr1.lax00.tbone.rr.com (107.14.17.250) 64.161 ms
0.ae0.pr1.lax00.tbone.rr.com (107.14.17.248) 65.878 ms 69.105 ms
8 ix-24-0.tcore1.lvw-los-angeles.as6453.net (66.110.59.81) 68.727 ms 69.074 ms 67.782 ms
9 if-3-2.tcore1.pdi-palo-alto.as6453.net (66.198.127.25) 306.654 ms 239.873 ms 305.031 ms
10 if-1-2.tcore1.nyy-new-york.as6453.net (66.198.127.6) 306.852 ms * *
11 if-3-2.thar1.njy-newark.as6453.net (66.198.70.21) 229.511 ms 532.619 ms *
12 if-4-2.tcore1.l78-london.as6453.net (80.231.130.33) 524.233 ms 476.479 ms
if-7-2.tcore1.l78-london.as6453.net (66.198.70.26) 290.903 ms
13 if-3-6.tcore1.pye-paris.as6453.net (80.231.130.86) 482.792 ms * *
14 * * *
15 if-34-2.thar1.vi8-vitry-sur-seine.as6453.net (80.231.153.58) 329.678 ms * *
16 5.23.24.6 (5.23.24.6) 280.537 ms 306.226 ms 310.611 ms
17 * * *
18 62-210-93-163.rev.poneytelecom.eu (62.210.93.163) 343.930 ms 310.188 ms 331.720 ms
bash-3.2$
MacBook Pro with Retina display, OS X Yosemite (10.10.4), 500G Flash Drive 8Gig memory