Harry Potter Worm/Virus Claims Potter is Dead

By Sharon Gaudin, InformationWeek

Can't wait to find out what happens to Harry Potter when the final book in the series comes out this month? Be careful where you get your spoilers from.

Security researchers are warning people not to be lured in by online promises of information about the outcome of the final battle at Hogwarts. Sophos Inc. reported that a new worm is taking advantage of the Potter mania that is starting to build around the world.

The worm, which is hidden in USB drives, isn't particularly damaging, according to Allysa Myers, a researcher with McAfee Avert Labs. In her blog, Myers said the worm "doesn't try to steal any system information, diddle with your data, or own your box -- it just makes system changes such that your system becomes largely unusable."

With the millions of people waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie coming in less than two weeks, hackers will be tempted to take advantage of the excitement, Graham Cluley, senior technology consultant for Sophos, said.

"There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm," he said in a written statement. "Using such social engineering at this time is a trick dastardly enough for Lord Voldemort himself."

The final installment in J.K. Rowling's seven-book series, "Harry Potter and the Deathly Hallows," is set to be released on July 21. The previous book was the fastest-selling book in U.S. history, selling

6.9 million copies in the United States in the first 24 hours, according to a report on CNN.

The W32/Hairy-A worm is set up to automatically infect a PC when users plug-in USB drives, which carry a file posing as a copy of the novel. If users allow USB drives to "auto-run" they will see a file called HarryPotter-TheDeathlyHallows.doc. Inside the Word file is the simple phrase, "Harry Potter is dead." Sophos researchers report the worm then looks for other removable drives to infect.

After infecting Windows computers, the worm creates a number of new users, namely the book's main characters -- Harry Potter, Hermione Granger and Ron Weasley. After logging in, users are shown the following message via a batch file: "read and repent; the end is near; repent from your evil ways O Ye folks; lest you burn in hell ... JK Rowling especially."

Cluley explained in an interview that the malware writer originally embedded the worm on a USB memory stick and then simply got it into the hands of an unsuspecting user. The malware spreads when a user shares the stick with a friend or colleague who wants to access a file on it. A user might go to a meeting and share the stick with everyone in the room, spreading the worm further. The trick, said Cluley, is not to use a memory stick that you just pick up somewhere.

"This is an 'old school' virus, written to give the author a platform to show off rather than to steal identities or cash," said Cluley. "This person isn't being driven by the desire to inflate his or her bank account, but by a loathing for JK Rowling and her incredibly popular books."

Copyright 2007 CMP Media LLC.

Reply to
Sharon Gaudin, Information Wee
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.