Weather Underground’s security issue

[Image: the malware download page]

I will often use the Weather Underground website to check the forecast, but I may start using the National Weather Service’s site instead. If I leave a tab on my web browser at work on the Weather Underground site, the image in this post will eventually result. The browser is an up-to-date Firefox without Adobe Flash running on Windows 7. It gets redirected to another website, always with a different domain name, and always with two seemingly random numbers in the path (visible in the image when large enough). The page looks like it is for downloading Adobe Flash, but isn’t on Adobe’s website. It sure stinks of malware. It may be coming from something like an advertisement that can sneak a redirection into the web page rather than content generated by Weather Underground, or maybe they have a more direct breach of security. Either way, I’m sure Weather Underground wouldn’t do this, but it is still annoying.

The issue has occurred five times over more than a month, maybe two, on the same computer. I did attempt to inform them of the issue, but I haven’t seen any indication that anyone took it seriously. It has happened twice since then.

At home, I run Firefox on Linux and do have Flash installed, although I usually have it disabled. The issue never happens there. I haven’t yet tried on another system without Flash, but suspect that may trigger the redirection.

What this doesn’t answer is what happens when this malware could redirect a browser, but finds one with Flash installed and enabled instead. I also didn’t accept this download. I’m not employed to do security research, and the IT department is quite distant.


2 Responses to “Weather Underground’s security issue”

  1. John Miller Says:

    The same thing is happening to me now when using Firefox – it redirects to an official-looking Firefox page that tells me I need to download an important Firefox update. Weather Underground should be taking this seriously.

    • jjackowski Says:

      I recently got one of those, too, but I know that isn’t how the Mozilla Foundation sends out Firefox updates. Same crazy looking URL, so the same people are probably behind it.
