The eagerly anticipated final Harry Potter novel seems to have hackers working overtime, with security software company Sophos warning of a new computer worm exploiting global Potter-mania and claiming Harry is dead.
According to Sophos, the W32/Hairy-A worm spreads by copying itself onto USB memory sticks, posing as a copy of the eagerly-anticipated novel “Harry Potter and the Deathly Hallows”.
![]() Click to enlarge |
After infecting Windows computers, the worm creates a number of new users for the PC named after characters in the Potter series. After logging in, users are shown the following message via a batch file:
read and repent
the end is near
repent from your evil ways O Ye folks
lest you burn in hell…JK Rowling especially
![]() Click to enlarge |
In addition, infected users open Internet Explorer they will find their start page has been redirected to an Amazon.com web page selling a spoof book entitled “Harry Putter and the Chamber of Cheesecakes”.
“Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm. Using such social engineering at this time is a trick dastardly enough for Lord Voldemort himself,”said Sophos Senior Technology Consultant Graham Cluley.
“Seriously, the fact that this worm has been inspired by the tales of a fictional schoolboy wizard doesn’t make it a harmless prank. A worm like this which infects and tampers with users’ computers without their permission is committing a criminal act. Someone needs to get a little more sunshine in their diet and put their energies into a more positive pursuit than writing malicious code like this,” he added.
The warning follows another alleged hack reported earlier this week on www.insecure.org claiming to have penetrated Harry Potter’s publisher to retrieve a manuscript of the yet-to-be-released novel. Interestingly, this alleged hack had a religious theme too, with the hacker in question citing religious reasons for doing the hack.
See: www.sophos.com.au/security/blog/2007/06/297.html