Tuesday, October 07, 2014

Popup from Major League Baseball wants to install new Adobe Flash Player and new java engine, looks suspicious to me.

Occasionally, I get a pop-up prompting me to install a new Adobe Flash Player and java engine from Major League Baseball (mlb.com), especially when trying to play on of the videos.  It claims to be required and a security update (suspicious) and comes from a URl for an "easy update" company.  This certainly sounds suspicious.  I always just click out of the pop-up (in Chrome) and everything plays normally.

If this is malware somehow placed on the mlb site by hackers, MLB should investigate and remove it.  I've seen it before, but it might become more common during the playoffs and World Series if not stopped.

Webroot does not flag anything, although it might if I actually tried to go to the site that does the update.

It seems to happen only in Windows 8, not in Windows 7 or lower, or on the Mac.

Reputable, well known sites for sports and news do get hacked sometimes.  That seems to be following on the attacks on the payment systems of retailers.  This might be the next trend.

Does anyone have any info?

Update: Nov. 13, 2014

I got the popup today in Chrome when I went to the Washington Nationals' site to learn about trades.  The site seems to be "easycomputerrepars.be".   I doubt that it is legitimate,  The Adobe trademark appears to be reproduced exactly, as are all the scripts.  I'm surprised mlb.com and Adobe haven't put a stop to this.  

No comments: