Fortify
Posts: 28 +0
There has been a worm going around, disguised as HarryPotter-TheDeathlyHallows.doc. The news article from below was taken from The Australian Daily Telegraph 29 June 2007
Samson
Harry Potter virus red alert
A NASTY computer worm is taking advantage of the worldwide Harry Potter mania to infect PCs around the globe.
With the release of the last ever Potter book and the premiere of the fifth movie in the franchise, the W32/Hairy-A worm is disguising itself as a copy of the eagerly-anticipated novel Harry Potter and the Deathly Hallows, which releases worldwide on July 21.
Once in the user's system, the worm copies itself onto attached USB memory drives so it can spread to any other PCs it is connected to.
A file called 'HarryPotter-TheDeathlyHallows.doc' can be found on infected PCs and once opened the only words inside are: Harry Potter is dead.
But it doesn't end there.
The worm also creates a number of new Windows users on the computer which are named after the main characters in JK Rowling's popular books including Harry Potter, Hermione Grainger and Ron Weasley.
Logging in to any of these new users and a message which sounds like it appeared from the evil Lord Voldemort himself can be seen: "Read and repent, the end is near, repent from your evil ways O Ye folks lest you burn in hell . . . JK Rowling especially".
In addition whenever infected users open Internet Explorer they will find their home page has been re-directed to an Amazon.com web page selling the spoof book Harry Putter and the Chamber of Cheesecakes.
"Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too so there is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm," says Graham Cluley, senior technology consultant for internet security company Sophos.
"The fact that this worm has been inspired by the tales of a fictional schoolboy wizard doesn't make it a harmless prank.
"A worm like this which infects and tampers with users' computers without their permission is committing a criminal act.
"Someone needs to get a little more sunshine in their diet and put their energies into a more positive pursuit than writing malicious code like this."
Sophos has noticed an increasing global trend for malware authors to spread their destructive code via popular USB memory drives which are used to easily transport digital files.
Users are advised to check the root directory of their USB drives for the suspect Potter files before running their applications or using the drive on another computer.
Samson
