Harry Potter Worm - New Usb Based Worm Spreading



#1 harrywaldron

Posted 05 July 2007 - 11:46 AM

USB based worm attacks are growing extensively in popularity

They work in a similar way to the floppy worms of years ago, spreading automatically. As a best practice, users should lock down CD, DVD, and USB devices so that they don't automatically run content where applicable. Keeping AV protection up-to-date is also needed based on the increased levels of malware attacks which are surfacing.

Harry Potter worm - New USB based Worm spreading
http://www.theregister.co.uk/2007/07/02/harry_potter_worm/

QUOTE: Hackers are attempting to exploit Potter-mania with the release of a worm that attempts to infect USB memory drives. The Hairy-A worm poses as a file containing a copy of Harry Potter and the Deathly Hallows, the eagerly-anticipated final novel in the Harry Potter series, due out on 21 July. The infected file normally comes on infected USB drives. If users plug these drives into their Windows PCs they are liable to infect their machines, especially if they have allowed USB drives to "auto-run".


Hairy.A Worm - Sophos Press Release and Virus Info
http://www.sophos.com/pressoffice/news/art...7/06/hairy.html
http://www.sophos.com/virusinfo/analyses/w32hairya.html

QUOTE: With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the fifth movie in the franchise, Sophos has warned of a new computer worm exploiting Potter-mania around the world. The W32/Hairy-A worm can automatically infect a PC when users plug-in USB drives, which carry a file posing as a copy of the eagerly anticipated novel, "Harry Potter and the Deathly Hallows". If the users have allowed USB drives to 'auto-run' they will see a file called HarryPotter-TheDeathlyHallows.doc. Inside this Word document file is the simple phrase "Harry Potter is dead." The worm then looks for other removable drives to infect.


W32/Autorun.worm.g (Move to DAT 5067 or higher)
http://vil.nai.com/vil/content/v_142616.htm

QUOTE: This detection is for a worm which attempts to spread to removable drives by creating an Autorun.inf file, which will run the worm automatically, if systems which use the removable drive are set to Autorun.


Hairy.A Worm - F-Secure information
http://www.f-secure.com/v-descs/worm_w32_hairy_a.shtml

QUOTE: This malware was written in AutoIt scripting. It uses an icon of MS Winword.



Hairy.A Worm - Trend Virus Description & Behavior Diagram
http://www.trendmicro.com/vinfo/virusencyc...ORM%5FHAIRY%2EA
http://www.trendmicro.com/vinfo/images/WORM_HAIRY_A_BD2.gif

QUOTE: This worm arrives as a dropped file through removable drives. It spreads by dropping copies of itself in all physical, removable, and floppy drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.


Numerous additional references:

http://www.google.com/search?hl=en&q=harry+potter+worm
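
Added example (not part of the original post): the quoted descriptions say the worm drops an AUTORUN.INF so that its copies run when the drive is accessed, so a quick triage step for a removable drive is to read that file and list the entries that launch a program. The sketch below assumes the file's text has already been read; the sample contents and the name `sample.exe` are constructed, not taken from the worm.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Extensions that run code when launched on Windows.
RISKY_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|lnk)\b", re.I)

def autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"  # section names are case-insensitive
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEYS.match(key):
                found.append((key.lower(), value))
    return found

def suspicious(text):
    """Launch entries whose command names an executable or script type."""
    return [(k, v) for k, v in autorun_commands(text) if RISKY_EXT.search(v)]

# Constructed samples: a label-only file, and one that launches a program
# in the way the quoted vendor descriptions describe.
BENIGN = "[autorun]\nlabel=Backup Drive\nicon=drive.ico\n"
DROPPED = (
    "; constructed sample\n"
    "[AutoRun]\n"
    "OPEN=sample.exe\n"
    "shell\\open\\Command=sample.exe\n"
    "shell\\explore\\command = sample.exe /e\n"
    "label=Documents\n"
)

if __name__ == "__main__":
    for name, content in (("benign", BENIGN), ("dropped", DROPPED)):
        print(name, suspicious(content))
```

Any hit on a drive that is only supposed to hold documents is worth checking with an up-to-date AV scan before the drive is opened on a machine with auto-run enabled.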
