Worm spreads on Fotolog social networking website

PandaLabs has reported the appearance of a new worm, FTLog.A, which spreads through the popular Fotolog social networking site. This foto-blogging portal is used by almost 30 million users around the world.

The worm spreads by inserting comments in the targeted user’s page prompting them to click a link, supposedly pointing to a video. This comment reads as follows:

If the user clicks the link, the system will ask for permission to download a DivX video codec, which is actually the FTLog.A worm.

Once installed, the worm redirects the browser to a site with explicit content and a Web page that asks users for their data in order to claim a (false) prize.

If the user clicks Get Free Access a setup.exe file is downloaded which, once run, installs the MediaPass Plugin.

It also changes the Internet home page and injects code into the browser to display pop-up ads, disrupting the user’s browsing experience.