With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the fifth movie in the franchise, Sophos has warned of a new computer worm exploiting Potter-mania around the world.
The W32/Hairy-A worm spreads by copying itself onto USB memory sticks, posing as a copy of the eagerly-anticipated novel "Harry Potter and the Deathly Hallows".
Windows users who allow affected flash drives to 'autorun' are automatically infected by the worm when it is attached to their PC. A file called
can be found in the root directory of infected USB drives. Inside the Word document file is the simple phrase "Harry Potter is dead."
After infecting Windows computers, the worm creates a number of new users - namely the main characters from JK Rowling's celebrated series of books about student wizards: Harry Potter, Hermione Granger and Ron Weasley.
After logging in, users are shown the following message via a batch file:
read and repent
the end is near
repent from your evil ways O Ye folks
lest you burn in hell...JK Rowling especially
n addition, everytime infected users open Internet Explorer they will find their start page has been redirected to an Amazon.com web page selling a spoof book entitled "Harry Putter and the Chamber of Cheesecakes".
"Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm," said Graham Cluley, senior technology consultant for Sophos. "Using such social engineering at this time is a trick dastardly enough for Lord Voldemort himself."