Harry Potter and the worm of doom

References to the bespectacled wizard, who takes over movie theaters this week, help the Netsky virus stage a comeback, particularly among younger, less security-wise Potter fans.

Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!

By David Becker

A leading antivirus company warned Thursday that the Netsky worm was making a comeback on the coattails of fictional wizard Harry Potter.

British software and services company Sophos reported that infections by the three-month-old "P" variant of Netsky have risen dramatically over the past week, thanks to the worm's ability to disguise itself as a Harry Potter game or book. The heavily promoted movie "Harry Potter and the Prisoner of Azkaban" opened earlier this week in Britain and premiers Friday in North America.

"Netsky-P targets young computer users by sometimes posing as content connected with the Harry Potter books and movie franchise," Graham Cluley, senior technology consultant at Sophos, said in a statement. "Parents need to educate their children against the threats of viruses, to ensure the popularity of Potter doesn't cast a nasty spell on their computer systems."

The started spreading in February and quickly spawned more flavors than a package.

The P variant has been particularly successful, though, thanks to engineering that disguises the worm's payload as one of dozens of potentially tempting files, from Harry Potter content to X-rated photos of Britney Spears.

Such spoofing is a popular "social engineering" technique to get recipients to open malicious files. Previous pests have disguised themselves as , and from the recipient's IT administrator.

Like most Netsky versions, the P variant , making it a potential threat to services such as Kazaa.

The Harry Potter connection helped Netsky-P, which emerged in March, stage a comeback tour this week. Antivirus firm Trend Micro listed it as the most common piece of malware—malicious software—over the past seven days, with more than 45,000 infections detected by the company.

Editor's Picks

Free Newsletters, In your Inbox