A new Harry Potter-themed worm is making its way into USB drives across the globe, posing as a file containing a copy of Harry Potter and the Deathly Hallows, the eagerly-anticipated final novel in the Harry Potter series.
Web security firm, Sophos has warned computer users of the worm called W32/Hairy-A, which claims to reveal the secrets of the latest book.
According to Sophos, the worm can automatically infect a PC when users plug in USB drives which carry the infected file. If the users have allowed USB drives to ‘auto-run’ they will see a file called ‘HarryPotter-The Deathly Hallows-doc’. The corrupted Word document simply states that ‘Harry Potter is dead’ while the worm then locates other removable drives that it could infect.
Also, after infecting Windows computers, the Hairy-A worm then creates several new users which have the same name as main characters from the Harry Potter series namely Hermione Granger, Harry Potter and Ron Weasly. After logging in, users are shown a message saying “Read and repent. The end is near, repent from your evil ways O ye folks, lest you burn in hell..JK Rowling especially.”
Every time an infected user opens the Internet Explorer browser, their start page will be redirected to an Amazon.com Web page, selling a spoof copy of Rowling’s latest novel, called “Harry Putter and the Chamber of Cheesecakes.”
Sophos describes the malware as an ‘old school’ virus written to cause mischief and to show off, rather than to rake in illicit funds. Security experts at firm advise users to disable the auto-run facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Also, computer users are advised to check removable media checked for malware before use.
This is the second attempt by miscreants to use the popularity of Harry Potter to exploit PC users. In 2005, web crooks tried to trick users into paying for a supposed advance copy of Harry Potter and the Half-Blood Prince a few weeks before the release of the sixth book in the series. The year before, a virus posed as a copy of the film Harry Potter and the Prisoner of Azkaban on peer-to-peer file-sharing networks.
