Is Harry Potter dead? A flash drive worm says so

Harry Potter, the boy wizard whose adventures have sold millions of books and box office tickets, is dead — at least according to malware writers.

Hackers have launched a new worm, called W32.Hairy-A, which downloads a message of Potter's untimely death. The malware can automatically infect a PC when users plug in a malicious USB drive.

The malware follows a hacker’s claim that he breached the network of the series’ U.K. publisher, Bloomsbury Publishing, and uncovered the end of the seventh and last book in author J.K. Rowling’s series.

The claim, posted on a hacker website and mailing list, was quickly denounced as a likely fake by information security experts.

The malicious removable drives claim to have a copy of the last book in the blockbuster series, Harry Potter and the Deathly Hallows, in a Word document. The malware automatically downloads if users have USB drives set to auto-run.

The document itself contains only the simple phrase, "Harry Potter is dead."

After the worm infects PCs, it creates a number of new users — whose icons are visible at the XP operating system’s start screen — named for Potter, Hermione Granger and Ron Weasley, all main characters in the series.

Affected users are shown a message after start-up, reading, "The end is near; repent from your evil ways, o ye folks. Lest you burn in hell … J.K. Rowling especially. Press any key to continue…"

Infected PCs also have their Internet Explorer homepages reset to the Amazon.com page for a spoof book, Harry Putter and the Chamber of Cheesecakes.

Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com today that the worm’s complexity suggests that it is likely a side project of a hacker using his or her skills to make malware for financial gain.

"What was peculiar, when the labs got it, they didn’t necessarily see what the malware is before they grab it. In this case, they got the malware and they cracked it open and it says, 'Harry Potter is dead.' And then they did a little more looking, and it turned out to be a worm infecting the USB drive," he said. "There are a number of things being done here that is interesting, and the intent is to make it appear like you’ve stumbled upon a real application."

Graham Cluley, senior technology consultant for Sophos, said Thursday that the malware takes advantage of public appetite for the series' conclusion.

"Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm," he said. "Using social engineering at this time is a trick dastardly enough for Lord Voldemort himself."

"Someone needs to get a little more sunshine in their diet and put their energies into a more positive pursuit than writing malicious code like this," he said.

 

 
