
Harry Potter Worm - New Usb Based Worm Spreading


#1 harrywaldron



Posted 05 July 2007 - 11:46 AM

USB based worm attacks are growing extensively in popularity

They work in a similar way to the floppy worms of years ago in automatically spreading. As a best practice, users should lock down CD, DVD, and USB devices so that they don't automatically run content where applicable. Keeping AV protection up-to-date is also needed based on the increased levels of malware attacks which are surfacing.

Harry Potter worm - New USB based Worm spreading

QUOTE: Hackers are attempting to exploit Potter-mania with the release of a worm that attempts to infect USB memory drives. The Hairy-A worm poses as a file containing a copy of Harry Potter and the Deathly Hallows, the eagerly-anticipated final novel in the Harry Potter series, due out on 21 July. The infected file normally comes on infected USB drives. If users plug these drives into their Windows PCs they are liable to infect their machines, especially if they have allowed USB drives to "auto-run".

Hairy.A Worm - Sophos Press Release and Virus Info

QUOTE: With just weeks remaining until the release of the last ever Harry Potter novel, and the imminent premiere of the fifth movie in the franchise, Sophos has warned of a new computer worm exploiting Potter-mania around the world. The W32/Hairy-A worm can automatically infect a PC when users plug-in USB drives, which carry a file posing as a copy of the eagerly anticipated novel, "Harry Potter and the Deathly Hallows". If the users have allowed USB drives to 'auto-run' they will see a file called HarryPotter-TheDeathlyHallows.doc. Inside this Word document file is the simple phrase "Harry Potter is dead." The worm then looks for other removable drives to infect.

W32/Autorun.worm.g (Move to DAT 5067 or higher)

QUOTE: This detection is for a worm which attempts to spread to removable drives by creating an Autorun.inf file, which will run the worm automatically, if systems which use the removable drive are set to Autorun.

Hairy.A Worm - F-Secure information

QUOTE: This malware was written in AutoIt scripting. It uses an icon of MS Winword.

Hairy.A Worm - Trend Virus Description & Behavior Diagram

QUOTE: This worm arrives as a dropped file through removable drives. It spreads by dropping copies of itself in all physical, removable, and floppy drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

Numerous additional references:
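The vendor descriptions quoted above all hinge on an AUTORUN.INF file that launches a dropped copy when the drive is accessed. As an added example (not part of the original post), this sketch parses the text of an autorun.inf and reports the directives that would start a program, so a removable drive can be checked before use. The sample file content, the function names and the list of executable extensions are constructed for illustration.

```python
import re

# Constructed sample for illustration; not taken from a real infected drive.
SAMPLE = """\
; constructed sample
[AutoRun]
Open=novel_copy.exe
icon=novel_copy.exe,0
Shell\\Open\\Command=novel_copy.exe
label=Backup

[Content]
MusicFiles=false
"""

LAUNCH_KEYS = {"open", "shellexecute"}  # keys that start a program
# Context-menu verbs of the form shell\<verb>\command also start a program.
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Assumed list of executable/script extensions worth flagging.
EXECUTABLE = re.compile(r'\.(?:exe|com|scr|pif|bat|cmd|vbs|js)(?=$|[\s",])', re.IGNORECASE)


def launch_directives(autorun_text):
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, section = [], None
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue  # icon/label entries in other sections are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in LAUNCH_KEYS or SHELL_CMD.match(key):
            found.append((key.lower(), value))
    return found


def audit(autorun_text):
    """Return (key, value, targets_executable) for every launch directive."""
    return [(k, v, bool(EXECUTABLE.search(v))) for k, v in launch_directives(autorun_text)]


if __name__ == "__main__":
    for key, value, is_exec in audit(SAMPLE):
        print(f"{'ALERT' if is_exec else 'review'}: {key} -> {value}")
```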

