By Sharon Gaudin, InformationWeek

Can't wait to find out what happens to Harry Potter when the final
book in the series comes out this month? Be careful where you get your

Security researchers are warning people not to be lured in by online
promises of information about the outcome of the final battle at
Hogwarts. Sophos Inc. reported that a new worm is taking advantage of
the Potter mania that is starting to build around the world.

The worm, which is hidden in USB drives, isn't particularly damaging,
according to Allysa Myers, a researcher with McAfee Avert Labs. In her
blog, Myers said the worm "doesn't try to steal any system
information, diddle with your data, or own your box -- it just makes
system changes such that your system becomes largely unusable."

With the millions of people waiting with bated breath for the final
Harry Potter novel, and the premiere of the new movie coming in less
than two weeks, hackers will be tempted to take advantage of the
excitement, Graham Cluley, senior technology consultant for Sophos,

"There is a real danger that muggles will blindly allow their USB
flash drives to auto-run and become infected by this worm," he said in
a written statement. "Using such social engineering at this time is a
trick dastardly enough for Lord Voldemort himself."

The final installment in J.K. Rowling's seven-book series, "Harry
Potter and the Deathly Hallows," is set to be released on July 21. The
previous book was the fastest-selling book in U.S. history, selling
6.9 million copies in the United States in the first 24 hours,
according to a report on CNN.

The W32/Hairy-A worm is set up to automatically infect a PC when users
plug in USB drives, which carry a file posing as a copy of the
novel. If users allow USB drives to "auto-run" they will see a file
called HarryPotter-TheDeathlyHallows.doc. Inside the Word file is the
simple phrase, "Harry Potter is dead." Sophos researchers report the
worm then looks for other removable drives to infect.

After infecting Windows computers, the worm creates a number of new
users, namely the book's main characters -- Harry Potter, Hermione
Granger and Ron Weasley. After logging in, users are shown the
following message via a batch file: "read and repent; the end is near;
repent from your evil ways O Ye folks; lest you burn in hell ... JK

Cluley explained in an interview that the malware writer originally
embedded the worm on a USB memory stick and then simply got it into
the hands of an unsuspecting user. The malware spreads when a user
shares the stick with a friend or colleague who wants to access a file
on it. A user might go to a meeting and share the stick with everyone
in the room, spreading the worm further. The trick, said Cluley, is
not to use a memory stick that you just pick up somewhere.

"This is an 'old school' virus, written to give the author a platform
to show off rather than to steal identities or cash," said
Cluley. "This person isn't being driven by the desire to inflate his
or her bank account, but by a loathing for JK Rowling and her
incredibly popular books."

Copyright 2007 CMP Media LLC.