back to article Harry Potter worm claims death of teen wizard

Hackers are attempting to exploit Potter-mania with the release of a worm that attempts to infect USB memory drives. The Hairy-A worm poses as a file containing a copy of Harry Potter and the Deathly Hallows, the eagerly-anticipated final novel in the Harry Potter series, due out on 21 July. The infected file normally comes …

COMMENTS

This topic is closed for new posts.
  1. Martin Owens

    Auto-Run

    You mean there are still computers out there that automatically execute code from external media? Why did Microsoft not pay any attention to all those floppy drive viri that infected old apple macintoshes for exactly the same reason.

    One reason I like usb drives formatted to fat32; there isn't a chance in hell anything on there will have executable permissions (644) but still how many different things need to be done when external media is plugged in that warrants trusting the files on the device?

  2. Anonymous Coward
    Anonymous Coward

    USB drives don't autorun

    ...unless you edit your registry settings. By default, only CD drives do - that's why someone had to invent U3 and give it a pseudo-CD partition.

  3. Dillon Pyron

    Autorun?

    I thought that went the way of floppies. Of course, given the number of PCs infected with the Sony trojan, I guess it's still out there.

  4. Spike Ravenscroft

    Haha

    I'm tempted to say that anyone who gets infected by this deserves it.

    They shouldnt be trying to get hold of a copy of the book before publication date.

    They should wait like everyone else :p

    Sorry but, i'm a bit precious about books.

  5. Anonymous Coward
    Anonymous Coward

    Having experience with another auto run warm

    We are also having experience with another auto run warm. That contains two file names: ntdetect.exe and autorun.ini. Is there any one let me know to remove this

    Md. Arifur Rahaman

    arif@covantabd.com

  6. Md. Arifur Rahaman

    Having experience with another auto run warm

    We are also having experience with another auto run warm. That contains two file names: ntdetect.exe and autorun.ini. Is there any one let me know to remove this

    Md. Arifur Rahaman

    arif@covantabd.com

  7. Demian Phillips

    Windows XP and Autorun

    Actually you will find that XP (SP2 fullt slipstreamed fresh install) by default turns on autorun for all drive letters.

    When you insert a memory stick, USB drive enclosure or anything it will pop up a box and start scanning for media types, and once it thinks it knows what you put in brings up a "What do you want to do every time this is inserted" dialog screen.

    I have verified this on OEM and corporate installs.

    I believe you can change this with a policy editor, and you can turn it off with the tweakui power toy (if you go into this you will see that it is turned on for all drive letters).

  8. Azrafael

    The windows autorundown.

    My job requires to have my thumbdrive to be utilized on different xp terminals to assist me in my work which i won't talk more of now. I would like to share my workaround on this common issue to those who are usnure.

    Most usb worms works with super-hidden-files which usually involves 2 files: autorun.inf and an executable

    Assuming your personal system is windows based, use dos to view attributes of your drive to look thru and delete it it. No thumbdrive requires any autorun.inf less it's one of those 'secure-usb-password-thingies'.

    Else just read up on this quick article for registry settings on superhidden:

    http://www.windowsitpro.com/Articles/ArticleID/14931/14931.html

    For autorun disabling, the quickest and complete form of customizing is by using the WindowsPowerToys-TweakUI

    http://download.microsoft.com/download/f/c/a/fca6767b-9ed9-45a6-b352-839afb2a2679/TweakUiPowertoySetup.exe

    Hope this helps those in need,

    Cheers.

    PS: Plugging a personal thumbdrive on other windows systems is like not using a condom.

This topic is closed for new posts.