Is Harry Potter dead? A flash drive worm says so

Share this article:

Harry Potter, the boy wizard whose adventures have sold millions of books and box office tickets, is dead — at least according to malware writers.

Hackers have launched a new worm, called W32.Hairy-A, which downloads a message of Potter's untimely death. The malware can automatically infect a PC when users plug in a malicious USB drive.

The malware follows a hacker’s claim that he breached the network of the series’ U.K. publisher, Bloomsbury Publishing, and uncovered the end of the seventh and last book in author J.K. Rowling’s series.

The claim, posted on a hacker website and mailing list, was quickly denounced as a likely fake by information security experts.

The malicious removable drives claim to have a copy of the last book in the blockbuster series, Harry Potter and the Deathly Hallows, in a Word document. The malware automatically downloads if users have USB drives set to auto-run.

The document itself contains only the simple phrase, "Harry Potter is dead."

After the worm infects PCs, it creates a number of new users — whose icons are visible at the XP operating system’s start screen — named for Potter, Hermione Granger and Ron Weasley, all main characters in the series.

Affected users are shown a message after start-up, reading, "The end is near; repent from your evil ways, o ye folks. Lest you burn in hell … J.K. Rowling especially. Press any key to continue…"

Infected PCs also have their Internet Explorer homepages reset to the page for a spoof book, Harry Putter and the Chamber of Cheesecakes.

Ron O’Brien, senior security analyst at Sophos, told today that the worm’s complexity suggests that it is likely a side project of a hacker using his or her skills to make malware for financial gain.

"What was peculiar, when the labs got it, they didn’t necessarily see what the malware is before they grab it. In this case, they got the malware and they cracked it open and it says, "Harry Potter is dead." And then they did a little more looking, and it turned out to be a worm infecting the USB drive," he said. "There are a number of things being done here that is interesting, and the intent is to make it appear like you’ve stumbled upon a real application."

Graham Cluley, senior technology consultant for Sophos, said Thursday that the malware takes advantage of public appetite for the series' conclusion.

"Much of the world is waiting with bated breach for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm," he said. "Using social engineering at this time is a trick dastardly enough for Lord Voldemort himself."

"Someone needs to get a little more sunshine in their diet and put their energies into a more positive pursuit than writing malicious code like this," he said.



Share this article:

Sign up to our newsletters

More in News

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.

Researcher hacks network connected devices in own home

Researcher hacks network connected devices in own home

In his own home, a researcher was able to hack various network connected devices that are not computers and mobile phones.

Study: Most higher ed malware infections attributed to 'Flashback'

Study: Most higher ed malware infections attributed to ...

Flashback caused a stir in 2012 when some 650,000 Macs were infected with the malware.