The Register®

Original URL: http://www.theregister.co.uk/2004/06/04/netsky-p_harryp/

'Potter-mania' fuels spread of NetSky-P

Worm - like Voldemort - just won't die

By John Leyden

Posted in Malware, 4th June 2004 09:37 GMT

Free whitepaper – Application Performance Management:

The frenzy surrounding the latest Harry Potter cinematic offering is helping to keep the prevalent NetSky-P worm alive.

Almost three months on from the first sighting of NetSky-P [1] back in late March the worm still poses a significant threat. El Reg inboxes are bombarded with hundreds of copies of the worm each day and we're far from alone. AV firm Sophos places NetSky-P as the second most common irritant last month, second only to the infamous Sasser [2] worm. Unlike Sasser, which infects computers without any user interaction, NetSky-P has to tempt PC users into launching an infected file. Netsky-P worm spreads via email and file-sharing systems.

Sophos reckons NetSky-P owes some of its continued 'success' to its ability to disguise itself as a Harry Potter computer game when spreading on file-sharing systems. With the first screening of Harry Potter and the Prisoner of Azkaban this week, Potter fans - eager to play the latest games - seem to be dropping their guard.

Netsky-P echoes the four year-old Pikachu [3] worm in targeting young people by using a fictional kid's character. It's far from the first time virus writers have used the references to Harry Potter in inducements to open malicious code. Winur-C [4] and Banuris-B [5] posed as cracks to computer games involving the young wizard in their attempts to ensnare the unwary. Forlorn-D [6] posed as a movie clip from Harry Potter And The Sorcerors Stone (sic), among other things. ®

Related stories

Viruses up - or down [7]
Netsky tops virus charts by a country mile [8]
Trust me I'm clean, claims virus [9]
Warner Bros scraps Harry Potter legal actions [10]