Hary.A

By GoldSparrow in Worms

Hary.A is a dangerous network-aware worm that has been active since 2007. It can spread on its own from one PC to another and is considered a severe threat both to the infected computer and to every system in contact with it, either directly through a network connection or indirectly through email or removable memory devices. Although Hary.A is several years old, it is still active in the wild as of April 2012. ESG security analysts have detected a recent outbreak of Hary.A infections spread through files claiming to be the recent Harry Potter and the Deathly Hallows movie. Because of this, ESG security analysts strongly advise against downloading pirated movies or other copyrighted material from suspicious sources.

Hary.A is designed in particular to take advantage of inexperienced computer users attempting to use file sharing services. As part of its infection process, Hary.A opens a Microsoft Word document with the DOC extension that contains the message: "Harry Potter is dead." A Hary.A infection will generally include files named HarryPotter-TheDeathlyHallows.doc and HarryPotter-TheDeathlyHallows.exe, plus Hary.A's autorun file, which allows Hary.A to launch automatically as soon as an infected drive is connected to a computer system. Among its effects, Hary.A also changes the Internet Explorer window title bar so that it displays the message "JK Rowling owns you."

A Closer Look at a Hary.A Worm Attack

As part of its attack, Hary.A also disables certain Windows components that are helpful in dealing with a malware infection. Hary.A can run from a removable drive and from read-only media like a CD-ROM. As soon as it runs, Hary.A will carry out the following malicious tasks:

  1. Drop the DOC file onto the root directory of the infected computer's hard drive.
  2. Minimize all system windows so that the message contained in the DOC file is displayed prominently.
  3. Create a directory named "Cache" in the Windows folder and copy its files to this directory.
  4. Make the infected computer run the executable file automatically every half hour from 8:30 am to 7:00 pm.
  5. Attempt to create user accounts on the infected computer corresponding to the major characters in the Harry Potter universe.
  6. Create a TXT file that contains the following message:

    Harry Potter is a dumb kid,so is Daniel
    .
    Ron Weasley is ugly but who cares
    .
    Hermione is pretty and exploited but who cares?
    .
    Dumbledore is old and haggard but who cares?
    .
    JK Rowling was an ex-witch but who cares, betcha didn't know.
    .
    All we care is that......
    .
    Harry Potter is gonna die!
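
A defender-side check for the artifacts described above, added here as an example and not taken from the original page: it inspects a drive root for the two named files and for an autorun file that launches the executable, and looks inside the "Cache" directory under the Windows folder. The file name autorun.inf (the standard Windows autorun file) and all function names are assumptions.

```python
import sys
import tempfile
from pathlib import Path

# File names as given in the page's description of a Hary.A infection.
EXE = "harrypotter-thedeathlyhallows.exe"
DROPPED = {EXE, "harrypotter-thedeathlyhallows.doc"}
AUTORUN = "autorun.inf"  # assumption: the standard Windows autorun file name


def listing(directory):
    """Map lower-cased entry name -> Path, so matching is case-insensitive."""
    d = Path(directory)
    return {p.name.lower(): p for p in d.iterdir()} if d.is_dir() else {}


def autorun_targets(text):
    """Return the commands an autorun.inf would launch (open, shellexecute, shell verbs)."""
    targets = []
    for raw in text.splitlines():
        key, sep, value = raw.partition("=")
        key = key.strip().lower()  # a commented-out ";open" key does not match below
        if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
            targets.append(value.strip())
    return targets


def scan(drive_root, windows_dir=None):
    """List Hary.A artifacts at a drive root and, optionally, in <windows_dir>/Cache."""
    findings = []
    root = listing(drive_root)
    findings += [f"root: {root[n].name}" for n in sorted(DROPPED & root.keys())]
    if AUTORUN in root and root[AUTORUN].is_file():
        text = root[AUTORUN].read_text(errors="replace")
        findings += [f"autorun: {t}" for t in autorun_targets(text) if EXE in t.lower()]
    cache = listing(windows_dir).get("cache") if windows_dir else None
    if cache:
        findings += [f"cache: {p.name}" for n, p in sorted(listing(cache).items()) if n in DROPPED]
    return findings


if __name__ == "__main__":
    # With no arguments, scan a constructed sample drive (empty placeholder files).
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "HarryPotter-TheDeathlyHallows.exe").write_bytes(b"")
        (Path(tmp) / "autorun.inf").write_text("[autorun]\nopen=HarryPotter-TheDeathlyHallows.exe\n")
        args = sys.argv[1:] or [tmp]
        print("\n".join(scan(*args[:2])) or "no Hary.A artifacts found")
```

An empty result only means these specific file names were not found; it does not cover the user accounts or the Internet Explorer title change the page describes.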
