The link to "download Flash update" on CNN is to a site with a pw domain – that's Palau.
I think the OP's point was that having something like this come up on a major web presence like CNN seemed unusual. Do they not vet what ads are attached to their web site? Do they normally allow pop-up ads to hijack the page like this? There is no way to dismiss this without closing the window (I didn't have to quit Safari). I could not get to the CNN article I wanted to read. Of course I didn't take the bait, it was obviously fake (actually, I wouldn't have clicked it if it was real either!). The Q is, why am I seeing this on a major news web site like CNN?
It was happening just on CNN for me. But it happened on a site called statcounter. I have deleted all the Safari data once again and so far so good.
Same is happening to me but only at cnn.com, same redirect to same pw domain.
I am seeing this zoyufo.pw crap tonight on nytimes.com and thehill.com as well as cnn.com
Happening to me tonight on CNN.com as well
This is what Combo Cleaner came up with per my post about the fix two messages up (as I write this):
THIS ONE IT SAYS IS “SUSPICIOUS” [THOUGH THE LIKELY ISSUE]:
Suspicious system configuration - hijacked Internet browsers
Various browser and system settings override techniques are a sign of an active browser hijacker on your system. Commonly used hijackers: Weknow.ac, safefinder.com and Anysearchmanager.com
I was not familiar with ComboCleaner and I downloaded it on the MacBook Air that was having this problem. It found the same issue, but it's annoying that ComboCleaner will not say more unless you pay up 40 USD to get the premium. I wonder if ComboCleaner just says that even if the problem is benign in hopes that someone bites out of fear?
Malwarebytes (free) and CleanMyMac (free) don’t find ANY of this. I'm running Avast Security (free version) now to see what it says.
Also not familiar with Avast. I downloaded it, but it won't install on my MacBook Air because I have Sophos installed on it, which did not find any issues.
If you didn't run the installer you won't have any problems. I've been getting that same page you've been seeing. I'm getting it everywhere. I even got it on MacRumors. It's coming from a compromised ad that's being served on one or more major ad networks. Hidden in one of the ads is a redirect script sending you to a shady website. The identity of that shady website keeps changing too.