Beware, Harry Potter fans. The next time you open a file advertised as a new game featuring the young wizard, you could be inviting the Netsky-P worm to cast an evil spell on your PC.
Virus experts at Sophos warn that while the Netsky-P fix has been available since March, so many computers have been infected that the worm enjoys continued success by posing as e-mail messages and links billed as new games, videos and other entertainment. With the theatrical release of "Harry Potter and the Prisoner of Azkaban," the worm is targeting Potter fans eager to play the latest games.
"Echoing a technique used in 2000 by the Pikachu worm, Netsky-P targets young computer users by sometimes posing as content connected with the Harry Potter books and movie franchise," said Graham Cluley, senior technology consultant for the Abingdon, U.K.-based antivirus software maker. Parents need to educate their children on the threats of worms and viruses to ensure Potter's popularity doesn't leave their computers open to attack, he added.
In this case, Netsky-P disguises itself as a Harry Potter computer game when spreading on file-sharing systems. The worm spreads via e-mail and Internet file-sharing systems and was the second most commonly reported virus to Sophos last month after the infamous Sasser worm. Unlike Sasser, which infects computers without any user interaction, the Netsky-P worm has to tempt PC users into launching an infected file. Netsky-P has been bombarding e-mail gateways with thousands of instances of itself in the last few days, Cluley said.
In the past, Netsky-P has also disguised itself as Britney Spears/Eminem photos and videos, Cluley said. Another popular disguise: Saddam Hussein.
Cluley said those who have updated protection should be safe, but that "so many computers have already been infected it'll take a long time to clean them up. Be careful about what you open, and if you haven't patched already, you should do so."