Is Harry Potter dead? A flash drive worm says so

Harry Potter, the boy wizard whose adventures have sold millions of books and box office tickets, is dead — at least according to malware writers.

Hackers have launched a new worm, called W32.Hairy-A, which downloads a message of Potter's untimely death. The malware can automatically infect a PC when users plug in a malicious USB drive.

The malware follows a hacker’s claim that he breached the network of the series’ U.K. publisher, Bloomsbury Publishing, and uncovered the end of the seventh and last book in author J.K. Rowling’s series.

The claim, posted on a hacker website and mailing list, was quickly denounced as a likely fake by information security experts.

The malicious removable drives claim to have a copy of the last book in the blockbuster series, Harry Potter and the Deathly Hallows, in a Word document. The malware automatically downloads if users have USB drives set to auto-run.

The document itself contains only the simple phrase, "Harry Potter is dead."

After the worm infects PCs, it creates a number of new users — whose icons are visible at the XP operating system’s start screen — named for Potter, Hermione Granger and Ron Weasley, all main characters in the series.

Affected users are shown a message after start-up, reading, "The end is near; repent from your evil ways, o ye folks. Lest you burn in hell … J.K. Rowling especially. Press any key to continue…"

Infected PCs also have their Internet Explorer homepages reset to the Amazon.com page for a spoof book, Harry Putter and the Chamber of Cheesecakes.

Ron O’Brien, senior security analyst at Sophos, told SCMagazine.com today that the worm’s complexity suggests that it is likely a side project of a hacker using his or her skills to make malware for financial gain.

"What was peculiar, when the labs got it, they didn’t necessarily see what the malware is before they grab it. In this case, they got the malware and they cracked it open and it says, 'Harry Potter is dead.' And then they did a little more looking, and it turned out to be a worm infecting the USB drive," he said. "There are a number of things being done here that are interesting, and the intent is to make it appear like you’ve stumbled upon a real application."

Graham Cluley, senior technology consultant for Sophos, said Thursday that the malware takes advantage of public appetite for the series' conclusion.

"Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm," he said. "Using social engineering at this time is a trick dastardly enough for Lord Voldemort himself."

"Someone needs to get a little more sunshine in their diet and put their energies into a more positive pursuit than writing malicious code like this," he said.

 

 
