Harry Potter Fans Beware of Windows Worm

Sophos has warned Harry Potter fans not to open an e-mail that claims to contain the final installment of the boy wizard book series.

Security companies have intercepted an e-mail promising a copy of Harry Potter and the Deathly Hallows—which is not due for release until July 21. But rather than getting a sneak preview of the book, impatient muggles who click on the file will instead find their PC infected by the W32/Hairy-A worm.

“The W32/Hairy-A worm can automatically infect a PC when users plug in USB drives, which carry a file posing as a copy of the eagerly anticipated novel—’Harry Potter and the Deathly Hallows,’” said Sophos. “If the users have allowed USB drives to ’auto-run’ they will see a file called HarryPotter-TheDeathlyHallows.doc.”

Instead of the full text of JK Rowling’s highly anticipated book, the Word document includes the phrase, “Harry Potter is dead.”

After infecting Windows computers, the worm creates a number of new users—namely the main characters from Rowling’s celebrated series of books about student wizards: Harry Potter, Hermione Granger and Ron Weasley.

In addition, every time infected users open Internet Explorer they will find their start page has been redirected to an Amazon.com webpage selling a spoof book titled “Harry Putter and the Chamber of Cheesecakes.”

“Much of the world is waiting with bated breath for the final Harry Potter novel, and the premiere of the new movie is looming too. There is a real danger that muggles will blindly allow their USB flash drives to auto-run and become infected by this worm,” said Graham Cluley, senior technology consultant for Sophos. “Using such social engineering at this time is a trick dastardly enough for Lord Voldemort himself.”

—PC Advisor (UK)