Malware served as new Harry Potter movie streaming application

Jun 29, 2009 10:15 GMT

Security researchers warn that malware distributors have launched a Harry Potter-themed campaign, which promises free access to the latest movie in the series. Blackhat search engine optimization techniques and comment spam are used to attract potential victims.

Malware analysts from security vendor PC Tools advise users interested in downloading the upcoming "Harry Potter and the Half-Blood Prince" movie in advance of its official screening, scheduled for 15 July, to steer clear of "optimised, illegitimate links within the blogosphere."

Malware distributors are posting comments on blogs and social bookmarking websites, such as Digg and Blogspot, with texts reading, "Watch 'Harry Potter and the Half-Blood Prince' online free." PC Tools analysts note that "Concurrently, comment posts are filled with related keywords to attract more search engines."

The comments link to a Blogspot page, which is filled with images from the soon-to-be-released movie in an attempt to make the trick more convincing. The page is riddled with more links that, when clicked, offer users the possibility of viewing the film online.

As usual, there's one string attached: a special streaming application is allegedly required to view the movie. The user is therefore prompted to download a file called "streamviewer," which is actually the malware installer.

This trick is similar to the already notorious "required video codec" attacks, such as the Leighton Meester leaked-tape one we recently reported. "Fans are advised to wait until its release in cinemas in mid July (global) or at least download and purchase movies from trusted, legitimate sources," the security researchers note.

As with other campaigns that attempt to capitalize on global events or news of great public interest, and with the Harry Potter series itself benefiting from a sizeable fan base, the attacks are expected to increase and mutate. As more cybercriminal groups pick up the same theme, malware is likely to spread under similar promises on P2P file-sharing networks or via spam e-mails.