• silicon.com
• Technology
• Security

By David Becker, 4 June 2004 08:20

NEWS A leading antivirus company warned Thursday that the Netsky worm was making a comeback on the coattails of fictional wizard Harry Potter.

British software and services company Sophos reported that infections by the three month old "P" variant of Netsky have risen dramatically over the past week, thanks to the worm's ability to disguise itself as a Harry Potter game or book. The heavily promoted movie Harry Potter and the Prisoner of Azkaban opened earlier this week in Britain and premiers Friday in North America.

"Netsky-P targets young computer users by sometimes posing as content connected with the Harry Potter books and movie franchise," Graham Cluley, senior technology consultant at Sophos, said in a statement. "Parents need to educate their children against the threats of viruses, to ensure the popularity of Potter doesn't cast a nasty spell on their computer systems."

The original Netsky worm started spreading in February and quickly spawned more flavors than a Bertie Bott's Every Flavor Beans package.

The P variant has been particularly successful, though, thanks to engineering that disguises the worm's payload as one of dozens of potentially tempting files, from Harry Potter content to X-rated photos of Britney Spears.

Such spoofing is a popular social engineering technique to get recipients to open malicious files. Previous pests have disguised themselves as naked photos of actress Jennifer Lopez, match-making software and a memo from the recipient's IT administrator.

Like most Netsky versions, the P variant spreads mainly through file-sharing networks, making it a potential threat to services such as Kazaa.

The Harry Potter connection helped Netsky-P, which emerged in March, stage a comeback tour this week. Antivirus firm Trend Micro listed it as the most common piece of malware - malicious software - over the past seven days, with more than 45,000 infections detected by the company.

David Becker writes for CNET News.com