Dawn Pirkel sent an e-mail message last Wednesday, reminding me to RSVP for a conference. However, there was no conference and the sender’s real intent seemed to be to infect my computer with spyware.
The subject line read “meeting confirmation.” The mysterious Dawn -- a pseudonym, no doubt -- wrote, “Please don't forget about our conference meeting on Monday. And remember to RSVP for the Meetup group. You can review the schedule for the entire day here: … I'll make sure to provide you with a complete spending report before Monday.”
The message included a Web link, purportedly to the meeting agenda. Clicking on the link resulted in a prompt to save a file called VIEW_EVENT_DOC.PIF.
Rebecca Henderson, our computer investigations guru, said that the file name could be a ploy to trick the recipient into thinking they’re downloading a Word document. But notice the “PIF” extension; that file type is normally used to create a shortcut that contains instructions for another program.
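The mismatch between a document-sounding name and a program extension can be checked automatically. The following is an added example, not part of the original post: Python that flags a download whose name hints at a document but whose extension Windows runs as a program or shortcut. The extension lists and the sample URL are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import unquote, urlsplit

# Assumed list: extensions Windows runs as programs or shortcuts.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "lnk"}
# Assumed list: document-type words that make a name look harmless.
DOCUMENT_HINTS = {"doc", "docx", "pdf", "xls", "xlsx", "ppt", "txt", "rtf"}


def filename_from_url(url):
    """Return the last path segment of a URL, percent-decoded."""
    path = unquote(urlsplit(url).path)
    return path.rsplit("/", 1)[-1]


def screen_filename(name):
    """Return the reasons a file name is suspicious (empty list if none)."""
    # Windows ignores trailing dots and spaces, so strip them before judging.
    cleaned = name.rstrip(". ")
    path = PureWindowsPath(cleaned)
    ext = path.suffix.lstrip(".").lower()
    if ext not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension .{ext}"]
    # Break the stem on separators (_, -, ., space) and look for document words.
    tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", path.stem) if t}
    hinted = sorted(tokens & DOCUMENT_HINTS)
    if hinted:
        reasons.append("name suggests a document: " + ", ".join(hinted))
    return reasons


if __name__ == "__main__":
    # Constructed sample link; only the file name comes from the post.
    sample = "http://example.invalid/files/VIEW%5FEVENT%5FDOC.PIF?id=1"
    name = filename_from_url(sample)
    print(name, "->", screen_filename(name) or "no findings")
```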
Rebecca found that downloading the file could result in your computer being infected with SpyEye, a nasty program known to monitor information you type into Web forms and steal login credentials. If this spyware is on your computer, you’ll find a file named C:\cleansweep.exe\cleansweep.exe.
Rebecca also discovered that “Dawn” sent her message from Romania.
Here’s what led me to suspect the file was a hoax. First, I don’t know anyone named Dawn Pirkel. Second, I didn’t recall having a conference on Monday and I surely wasn’t expecting to receive a spending report. And third, I use Meetup.com and know that Meetup groups are for social events; it’s unlikely a business meeting would be set up that way.