Today, suddenly started getting this website popping up. System is OSX.

https://flash-playerupdate.icu/_P5kE...L2QV5K1KP1DPKI

Note, it's not the real Adobe website. Anyone else seeing it?

 

Anyone, anyone Bueller, anyone?

 

Not seeing it myself, to answer your question.

That said, the fake flash player update is a really old game that is not confined to CorvetteForum or its network.

Apparently, anyone can report such fake update sites directly to Adobe:
https://forums.adobe.com/thread/2477746

 

I have been getting it for about a week also!

 

Old or not, this is coming from your site. And I am not getting it from any other site I visit.

 

 

Yesterday for me and it started a download on its own. Like mentioned above, it's not exclusive to CF.

I think it's targeted to Mac's and as long as you don't mount the disk you should be okay. I only got it when I had to turn off my adblock for another site... if adblock is stoping it, could be an indication it's in an advertisement.

 

Again, those reading need to know this is not specific to CorvetteForum and is a trick that has been going around for years. In other words, be warned that this is an issue to be aware of. If you do a Google search, you will find out just how common this issue has been for Apple users for years. The point I was making is this is not a specific ad to CorvetteForum and CorvetteForum itself is not technically hosting it and there is no substitute for being aware.

We can investigate and report the fake URL, which we will, but you anyone can also report those fake URLs as I linked.

 

The only time I ever get it is when I an on CF, no other site does this redirect on me.

 

I have the same problem and it's been going on for a few days.

This morning I experimented with a number of different browsers for Mac OS: Safari, Safari Technology Preview, Firefox, Waterfox, Opera, Rocat and Tor. All are current versions. Opera and Tor did not display the fake flash page. All of the others did and the only site at which this occurred was the Corvette Forum. Ran a Malwarebytes scan on my machine and came up clean.

I'm on Mac OS 10.13.6 using a Mid-2012 Mac Pro

 

I have been on many other sites today without any issues, then I took a look at C5 General. After the 3rd occurrence in as many minutes I gave up. It's targeted at Macs because it claims that Apple has detected Flash Player is out of date. And Corvette Forum needs to take it seriously. Personally, I am out of here for a while - will check back in a few weeks to see if things have been cleaned up.

 

Yeah, I have more technical details in this thread:

https://www.corvetteforum.com/forums...alyst-com.html

The Corvette Forum isn't doing this. The bad actors are slipping it through the advertising networks that advertise on CF. I also have hit these on other websites, including CNN, Foxnews and others. It doesn't take any user interaction to hit, when the ad image rotates to the next one, the malware loads its image and script and does the re-direct to their site.

The ad networks should be doing a better job of filtering all this stuff out, however, the hackers are clever and have figured out how to circumvent them, lately by embedding data in an image binary so they aren't detected, along with a javascript that decodes into the URL to lead you to the malware site.

The Mac Users get this one in particular, and it is to try to get you to download and install "MacKeeper" and installs an adware trojan onto your system.

However, it affects PC users, who will get directed to, "PC Cleaner" downloads.

This also how those "Amazon Winner" and other damn annoying pop ups come from.

I'd like to help CF work with their advertising partners to stop this garbage. I have collected a lot of data on what is happening and how.

At a deeper level, the browser writers need to do something about it too. They should disable javascript's ability to redirect your browser without your consent. they should also let us get a better debugging trail of how the hijacks happen.

 

I have had it for more than 2 weeks now. I have searched for it in the admin files on my MAC and cannot find anything, but I am a USER not an IT tech. I have tried MALWAREBYTES and FSECURE scans with no success in finding the trojan. There is a lot of info on it in the web, but most from the 2012 era on the APPLE site. I don't think it is CORVETTE FORUM specific, as it has occurred on other forum sites. I have never even used ADOBE FLASH PLAYER on the MAC.
My concern is if it is a TROJAN, it may be collecting data from my personal files including financial information. This is bad as this is tax time and everyone is filing through the internet.
If anyone comes up with a resolution, please share it.

Ron

 

Browsing with javascript turned off. No popups - no ads at all. Bliss.

 

With Javascript turned off, some web sites are not accessible.
I cleared history and cookies and turned off java, but still the fake Adobe file is hidden in my HHD. Wish I knew more of what files I am looking for to delete. Not computer literate here.

 

Turning it on and off on the Mac is simple. One click in preferences. One cookie to delete is "advertisingfeed". That site seems to be a pathway into the Adobe scam and there are a number of warnings of malware if you do a google search on that name.