PandaLabs has reported the appearance of a new worm, FTLog.A, which spreads through the popular Fotolog social networking site. This foto-blogging portal is used by almost 30 million users around the world.
The worm spreads by inserting comments in the targeted user’s page prompting them to click a link, supposedly pointing to a video. This comment reads as follows:
If the user clicks the link, the system will ask for permission to download a DivX video codec, which is actually the FTLog.A worm.
Once installed, the worm redirects the browser to a site with explicit content and a Web page that asks users for their data in order to claim a (false) prize.
If the user clicks Get Free Access a setup.exe file is downloaded which, once run, installs the MediaPass Plugin.
It also changes the Internet home page and injects code into the browser to display pop-up ads, disrupting the user’s browsing experience.