Always ready to hitch their creations to current pop-culture events, malware writers have developed a new worm just in time for the release of the latest Harry Potter movie and novel.
The worm, called W32/Hairy-A, automatically infects a PC when users attach USB drives, according to researchers at security vendor Sophos. The worm displays an image of the pending novel "Harry Potter and the Deathly Hallows," the seventh and final book in the popular series by J.K. Rowling that is slated for release in late July. The latest film, "Harry Potter and the Order of the Phoenix," premieres in the US on 11 July.
If the infected PC user has the USB drive set to auto run, a Word document will open that says "Harry Potter is dead," according to researchers. Then the worm begins looking for other removable drives to infect, and attempts to create new Windows users on infected computers using names of Rowling's characters such as Hermione Granger and Ron Weasley.
Upon logging on to Windows, users of infected PCs are greeted by a batch file that reads:
"Read and repent, the end is near, repent from your evil ways O Ye folks, lest you burn in hell…JK Rowling especially. Press any key to continue…”
In addition, users of infected PCs will find their start page in Internet Explorer has been changed to an Amazon.com web page selling a book called "Harry Putter and the Chamber of Cheesecakes," a novel that parodies the original.
While these messages and images seem somewhat benign, Sophos senior technology consultant Graham Cluley says that "a worm like this which infects and tampers with users' computers without their permission is committing a criminal act."
This worm is a throwback to malware of years ago that didn't attempt to steal information for financial gain, but is simply looking for a platform upon which to make a statement, Cluley adds.