– Fotolog is a photo-blogging site with almost 30 million users worldwide

– The worm tricks users with a video that conceals the dangerous worm

 

PandaLabs has reported the appearance of a new worm, FTLog.A, which spreads through the popular Fotolog social networking site. This foto-blogging portal is used by almost 30 million users around the world.
The worm spreads by inserting comments in the targeted user’s page prompting them to click a link, supposedly pointing to a video. This comment reads as follows (see image in Flickr: http://www.flickr.com/photos/panda_security/4384612808/):

“hey xxxxxxxxx, encontré este video tuyo acá (hey xxxxxxxxx (user name), I found a video of you here

(Malicious link)

Eres tu no es verdad? (It’s you, isn’t it?)

If the user clicks the link, the system will ask for permission to download a divx video codec, which is actually the worm (see image in Flickr http://www.flickr.com/photos/panda_security/4384612850/).

Once installed, FTLog.A redirects the browser to a site with explicit content and a Web page that asks users for their data in order to claim a (false) prize (see image in Flickr http://www.flickr.com/photos/panda_security/4384612782/).  If the user clicks Get Free Access a setup.exe file is downloaded which, once run, installs the MediaPass Plugin. 

It also changes the Internet home page and injects code into the browser to display pop-up ads, disrupting the user’s browsing experience.

“Cyber-crooks are increasingly exploiting social networking sites to spread their creations as they offer a huge number of potential victims”, explains Luis Corrons, Technical Director of PandaLabs. “We have already seen malicious code that exploits Facebook or Twitter. This time it is Fotolog’s turn unfortunately”.

To prevent this type of infection it is important to remind users not to click suspicious links from unknown senders and keep an up-to-date antivirus solution installed on their computers.
More information available at the Panda Security Encyclopedia (http://pandasecurity.lin3sdev.com/homeusers/security-info/about-malware/encyclopedia/).