
USB memory worm uses Harry Potter as bait.

Sophos: 29 June, 2007 (Technical Article)
A Harry Potter e-mail contains a worm that infects the victim's computer and places an auto-run file on USB memory devices, which can then infect other computers.
With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the latest movie, IT security and control firm Sophos is warning of a new computer worm that is exploiting Potter-mania around the world.

The Hairy-A worm can automatically infect a PC when users plug in USB drives that carry a file posing as a copy of the eagerly anticipated novel, 'Harry Potter and the Deathly Hallows'. If users have allowed USB drives to 'auto-run', they will see a file called 'HarryPotter-TheDeathlyHallows.doc'. Inside this Word document file is the simple phrase 'Harry Potter is dead.' The worm then looks for other removable drives to infect.

'Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm,' said Graham Cluley, senior technology consultant for Sophos. 'Using such social engineering at this time is a trick dastardly enough for Lord Voldemort himself.'

The worm also attempts to create a number of new users on infected computers, namely the main characters from JK Rowling's celebrated series of books about student wizards: Harry Potter, Hermione Granger and Ron Weasley.

After logging in, users are shown the following message via a batch file:

'read and repent

the end is near
repent from your evil ways O Ye folks
lest you burn in hell...JK Rowling especially'

The worm's final trick is that every time infected users open Internet Explorer, they will find their start page has been redirected to a spoof web page selling a book entitled 'Harry Putter and the Chamber of Cheesecakes'.

'The fact that this worm has been inspired by the tales of a fictional schoolboy wizard doesn't make it a harmless prank,' continued Cluley. 'A worm like this, which infects and tampers with users' computers without their permission, is committing a criminal act. Someone needs to get a little more sunshine in their diet and put their energies into a more positive pursuit than writing malicious code like this.'

Recently experts at Sophos have reported an increasing trend for cybercriminals to spread malware via USB devices. Earlier this month, the LiarVB-A worm hunted for USB devices and once it had infected a system, it dropped an HTML file containing a message about AIDS and HIV to the user's drive.
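
A defender can triage a USB drive for the traits described above before trusting it. The following is an added example, not code from Sophos or from the original article: it assumes the auto-run file is the standard Windows `autorun.inf` (the article does not name it), and the sample drive contents, including `sample.exe`, are constructed.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")
BAIT_NAME = "harrypotter-thedeathlyhallows.doc"  # bait file named in the article

def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def triage_drive(root):
    """List findings for the root directory of a mounted removable drive."""
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                text = fh.read(65536).decode("latin-1")  # never raises
            for key, value in parse_autorun(text).items():
                shell_verb = key.startswith("shell\\") and key.endswith("\\command")
                if key in LAUNCH_KEYS or shell_verb:
                    findings.append(("autorun-launch", key, value))
        elif name.lower() == BAIT_NAME:
            findings.append(("bait-file", name, ""))
    return findings

def demo():
    # Constructed sample drive: only the bait document name comes from the article.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write("; constructed sample\n[AutoRun]\nOpen=sample.exe\nicon=x.ico\n")
        open(os.path.join(root, "HarryPotter-TheDeathlyHallows.doc"), "w").close()
        return triage_drive(root)

if __name__ == "__main__":
    print(demo())
```

Point `triage_drive` at the drive's root from a machine where auto-run is disabled, so that inspecting the drive does not itself trigger the file.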

Sophos recommends companies protect themselves with a consolidated solution which can defend against the threats of viruses, spyware, spam and hackers.
