Panda Security has reported the appearance of a new worm, FTLog.A, which spreads through the popular Fotolog social networking site, a photo-blogging portal used by almost 30 million users around the world.
“Cyber-crooks are increasingly exploiting social networking sites to spread their creations as they offer a huge number of potential victims,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “We have already seen malicious code that exploits Facebook or Twitter. Unfortunately, this time it’s Fotolog’s turn.”
The worm spreads by inserting comments in the targeted user’s page prompting them to click a link, supposedly pointing to a video. This comment reads as follows: “hey xxxxxxxxx, encontré este video tuyo acá” – hey xxxxxxxxx (user name), I found a video of you here. If the user clicks the link, the system will ask for permission to download a divx video codec, which is actually the worm.
Once installed, FTLog.A redirects the browser to a site with explicit content and a webpage that asks users for their data in order to claim a (false) prize. If the user clicks Get Free Access a setup.exe file is downloaded which, once run, installs the MediaPass Plugin.
It also changes the Internet home page and injects code into the browser to display pop-up ads, disrupting the user’s browsing experience.
To prevent this type of infection it is important to remind users not to click suspicious links from unknown senders and keep an up-to-date antivirus solution installed on their computers.
More information is available at Panda’s encyclopaedia.
For pictures of this infection, check out Panda’s Flickr stream.