The Register®

Original URL: http://www.theregister.co.uk/2004/06/04/netsky-p_harryp/

'Potter-mania' fuels spread of NetSky-P

Worm - like Voldemort - just won't die

By John Leyden

Posted in Malware, 4th June 2004 09:37 GMT

Free whitepaper – Rack mount solutions

The frenzy surrounding the latest Harry Potter cinematic offering is helping to keep the prevalent NetSky-P worm alive.

Almost three months on from the first sighting of NetSky-P (http://www.sophos.com/virusinfo/analyses/w32netskyp.html) back in late March the worm still poses a significant threat. El Reg inboxes are bombarded with hundreds of copies of the worm each day and we're far from alone. AV firm Sophos places NetSky-P as the second most common irritant last month, second only to the infamous Sasser (http://www.theregister.co.uk/2004/05/04/sasser_worm/) worm. Unlike Sasser, which infects computers without any user interaction, NetSky-P has to tempt PC users into launching an infected file. Netsky-P worm spreads via email and file-sharing systems.

Sophos reckons NetSky-P owes some of its continued 'success' to its ability to disguise itself as a Harry Potter computer game when spreading on file-sharing systems. With the first screening of Harry Potter and the Prisoner of Azkaban this week, Potter fans - eager to play the latest games - seem to be dropping their guard.

Netsky-P echoes the four year-old Pikachu (http://www.sophos.com/virusinfo/articles/pikachu.html) worm in targeting young people by using a fictional kid's character. It's far from the first time virus writers have used the references to Harry Potter in inducements to open malicious code. Winur-C (http://www.sophos.com/virusinfo/analyses/w32winurc.html) and Banuris-B (http://www.sophos.com/virusinfo/analyses/w32banurisb.html) posed as cracks to computer games involving the young wizard in their attempts to ensnare the unwary. Forlorn-D (http://www.sophos.com/virusinfo/analyses/w32forlornd.html) posed as a movie clip from Harry Potter And The Sorcerors Stone (sic), among other things. ®

Related stories

Viruses up - or down (http://www.theregister.co.uk/2004/06/01/virus_stats/)
Netsky tops virus charts by a country mile (http://www.theregister.co.uk/2004/04/01/netsky_tops_virus_charts_by/)
Trust me I'm clean, claims virus (http://www.theregister.co.uk/2004/03/25/trust_me_im_clean_claims/)
Warner Bros scraps Harry Potter legal actions (http://www.theregister.co.uk/2001/03/19/warner_bros_scraps_harry_potter/)