Harry Potter and the worm of doom
Summary
Topics
British software and services company Sophos reported that infections by the three-month-old "P" variant of Netsky have risen dramatically over the past week, thanks to the worm's ability to disguise itself as a Harry Potter game or book. The heavily promoted movie "Harry Potter and the Prisoner of Azkaban" opened earlier this week in Britain and premiers Friday in North America.
"Netsky-P targets young computer users by sometimes posing as content connected with the Harry Potter books and movie franchise," Graham Cluley, senior technology consultant at Sophos, said in a statement. "Parents need to educate their children against the threats of viruses, to ensure the popularity of Potter doesn't cast a nasty spell on their computer systems."
The original Netsky worm started spreading in February and quickly spawned more flavors than a Bertie Bott's Every Flavor Beans package.
The P variant has been particularly successful, though, thanks to engineering that disguises the worm's payload as one of dozens of potentially tempting files, from Harry Potter content to X-rated photos of Britney Spears.
Such spoofing is a popular "social engineering" technique to get recipients to open malicious files. Previous pests have disguised themselves as naked photos of actress Jennifer Lopez, match-making software and a memo from the recipient's IT administrator.
Like most Netsky versions, the P variant spreads mainly through file-sharing networks, making it a potential threat to services such as Kazaa.
The Harry Potter connection helped Netsky-P, which emerged in March, stage a comeback tour this week. Antivirus firm Trend Micro listed it as the most common piece of malware--malicious software--over the past seven days, with more than 45,000 infections detected by the company.
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
