Tomshardware Linking to Fake Malicious Adobe Flash

turkey3_scratch

Polypheme
Herald
Tomshardware is the only site doing this right now. I keep getting a Javascript confirmation message saying my Adobe Flash is outdated (obviously fake) and needs updated, if you click okay it downloads a fake Adobe flash from a suspicious website. Why is Toms doing this?

No, I did not run the exe, but don't do it people it is fake.
 

turkey3_scratch

Polypheme
Herald
It seems to have stopped now. It was only when I refreshed a Tomshardware page or went anywhere on Toms. I forget the domain, and it doesn't seem to be in my history (since it took me to a download rather than a webpage). It was something like edownloader27.com or something weird. But it was a pop-up not a link, I should correct myself. Well, a popup that took you to a link if you clicked okay.

I don't think this is anything on my side (i.e. virus) because it only happened on Toms and it specifically read "Tomshardware requires the latest version of Adobe Flash. Yours is outdated".
 

cleanshot911

Reputable
Oct 28, 2014
765
0
5,360
140
Yeah I got the exact same problem. All I did was go to Adobe's official website and manually install their plugin. When I came back to Toms I stopped having the problem. But yeah you might want to watch out for that and warn people Blackbird. In case you were wondering the link came from esoftsware24.com, so you might want to throw a PSA out there to avoid clicking on anything related to that.
 

cleanshot911

Reputable
Oct 28, 2014
765
0
5,360
140


Yeah I honestly have no idea what happened, but it doesn't seem to be happening anymore. Not sure if that's something I did to make it stop on my end, but it seems like people aren't running into the problem anymore.
 

turkey3_scratch

Polypheme
Herald


Now it is gone again. Weird. Yeah a random "Flash" download appeared in my Chrome download bar. Fortunately, Google Chrome is secure and said "This item is not downloaded often. Discard?" and I discarded it. I'll screenshot next time.
 

itmoba

Reputable
Aug 14, 2015
768
0
5,360
110
Use httrack to clone the website and archive it. Post me/us a link. I'm sure I'll be able to spot the problem fairly quickly.

[edit -- update]
Also, like SR-71, I haven't seen the problem myself on Safari or Chrome.
 

ASK THE COMMUNITY