liveupdate.upgrade-pro.org: Malware install

Report · Aug 29, 2015

My Safari 8.08 running on Yosemite 10.10.5

started getting notices from liveupdate.upgrade-pro.org that Flash was out of date.

That trace routes to europe:

18 62-210-93-163.rev.poneytelecom.eu (62.210.93.163) 351.661 ms 371.931 ms 235.220 ms

A couple of dialogue boxes will come up that result in you downloading a .dmg file that looks like it may have come from Adobe.

adobe_flashplayer_e2c7b_Setup.dmg. Since this happens multiple times you may end up with several of these files.

(I ended up with 10 or more)

But if you mount it, the "install" button is junk.

I went to the adobe site and updated Flash from there. This did not stop the pop-ups.

I had to clear my Safari history for the last day And

From the Flash Preferences panel, I deleted all local storage settings and under the Advanced Tab I deleted all browsing and data settings.

I also unchecked the "open safe files" option in Safari Preferences

This did not fix the problem. While on wunderground.com a new dialogue box has shown up.

Anyone have a clue how to stop it?

Report · Aug 29, 2015

I uninstalled Flash Player according to these instructions. And rebooted the computer.

The message from update-pro.org is not showing up at this point.

Uninstall Flash Player | Mac OS

FWIW: The message would show up when looking at these pages:

Hurricane Ignacio: Tracking Map | Weather Underground

Hurricane Jimena: Tracking Map | Weather Underground

So far, I haven't missed Flash.

Report · Aug 29, 2015

Even with flash removed, when I go to the wunderground web pages the dialogues warning of Flash being out of date.

I set up a second MacBook with the same OSx and Safari. It is not having the problem with the false flash update windows.

However my original MacBook is still will see the update dialogs and, so far, only on the wunderground pages. I've been to other sites.

Report · Aug 30, 2015

It is now 12 hours later. My computer was off for that period and I am now in Fiji.

The malware dialogue I was getting no longer shows up.

Consider that the two sites I was getting the error message from appear to be CDNs (content delivery networks) I am hypothesizing that someone hacked those sites rather than any particular malware being installed on my computer. Call me "Herman Cain" I have no evidence to back this up.

Report · Sep 10, 2015

HI KauaiZ,

Flash Player is not delivered from liveupdate.upgrade-pro.org and the file name you posted is also not a valid Flash Player installer (the screenshot is also not a screenshot of a valid installer, although it's very, very close). If you have the entire URL for this site, please message it to me and I will forward it to our fraud department to follow-up on. Adobe does actively go after malicious sites who distribute fake/malicious installers.

--

Maria

Report · Sep 10, 2015

http://liveupdate.upgrade-pro.org/?tract=8seuWbUMRbCAn2uKSWwJD97VdDp_m0fj7pmXoZk7sfo.&cid=P23P440904...

This is one of them. There are others. Be careful, it will take over your web browser.

You will have to quit your browser and disconnect from the internet to get it to stop showing up.

Report · Sep 11, 2015

Thank you, KauaiZ. I will forward this to our fraud department.

--

Maria

Report · Sep 14, 2015

Hi KauaiZ,

The site has been taken down. If you get other URLs please send me a message and I'll forward them to the fraud department.

--

Maria

Adobe Community

liveupdate.upgrade-pro.org: Malware install