I will often use the Weather Underground website to check the forecast, but I may start using the National Weather Service’s site instead. If I leave a tab on my web browser at work on the Weather Underground site, the image in this post will eventually result. The browser is an up-to-date Firefox running on Windows 7, without Adobe Flash. It gets redirected to another website, always with a different domain name, and always with two seemingly random numbers in the path (visible in the image when large enough). The page looks like it is for downloading Adobe Flash, but isn’t on Adobe’s website. It sure stinks of malware. It may be coming from something like an advertisement that can sneak a redirection into the web page rather than content generated by Weather Underground, or maybe they have a more direct breach of security. Either way, I’m sure Weather Underground wouldn’t do this, but it is still annoying.
The issue has occurred five times over more than a month, maybe two, on the same computer. I did attempt to inform them of the issue, but I haven’t seen any indication that anyone took it seriously. It has happened twice since then.
At home, I run Firefox on Linux and do have Flash installed, although I usually have it disabled. The issue never happens there. I haven’t yet tried on another system without Flash, but suspect that may trigger the redirection.
What this doesn’t answer is what happens when this malware could redirect a browser, but finds one with Flash installed and enabled instead. I also didn’t accept this download. I’m not employed to do security research, and the IT department is quite distant.