As millions of fans around the world get ready for the release of the final Harry Potter book and the premiere of the latest Harry Potter movie, many are finding an unwelcome surprise on their PC - a Harry Potter worm.
The W32/Hairy-A worm is carried on USB drives and is capable of automatically infecting a PC when an infected USB stick is plugged in. Once plugged in infected sticks appear to carry a file containing the final novel. If users allow the USB drives to auto-run a word file called, "Harry Potter - The Deathly Hallows," will appear and inside the word document contains the phrase "Harry Potter is dead." The worm then goes on to infect other removable drives on the system.
After infecting Windows the worm creates new users on the machine, specifically Harry Potter, Hermione Granger and Ron Weasley. Upon logging in users will come to find a grim message, "read and repent/ the end is near/ repent from your evil ways O Ye folks/ lest you burn in hell...JK Rowling especially."
The last component of the worm is that every time a user opens Internet Explorer, they will be directed to a fake Amazon.com page selling a spoof Harry Potter book entitled, "Harry Putter and the Chamber of Cheesecakes."
"The fact that this worm has been inspired by the tales of a fictional schoolboy wizard doesn't make it a harmless prank. A worm like this, which infects and tampers with users' computers without their permission is committing a criminal act," said Graham Cluley, senior technology consultant for Sophos.
"This is an 'old school' virus, written to give the author a platform to show off rather than to steal identities or cash," Cluley continued. "This person isn't being driven by the desire to inflate his or her bank account, but by a loathing for JK Rowling and her incredibly popular books."
