Description:
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This worm arrives via removable drives.
It spreads by dropping copies of itself in all physical, removable, and floppy drives. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
When executed, it drops several files, including the non-malicious file %System Root%\HarryPotter-TheDeathlyHallows.doc. This Microsoft Word document contains the following details:
Harry Potter is dead.
(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)
Below is a screenshot of the said document:
It also displays a command prompt window, which contains the following message, at every system startup:
Title: read and repent
Message:
the end is near
repent from your evil ways O Ye folks
lest you burn in hell...JK Rowling especially
It uses the default icon of MS Word in an attempt to trick users into thinking that it is a normal document. It restarts the affected system each time it is executed.
For additional information about this threat, see:
Solution
Technical Details
Description created: Jul. 1, 2007 5:16:44 PM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
