Washington State

Office of the Attorney General

Attorney General

Bob Ferguson

Dawn Pirkel sent an e-mail message last Wednesday, reminding me to RSVP for a conference. However, there was no conference and the sender’s real intent seemed to be to infect my computer with spyware.

The subject line read “meeting confirmation.”  The mysterious Dawn -- a pseudonym, no doubt – wrote, “Please don't forget about our conference meeting on Monday. And remember to RSVP for the Meetup group. You can review the schedule for the entire day here: … I'll make sure to provide you with a complete spending report before Monday.”

The message included a Web link, purportedly to the meeting agenda. Clicking on the link resulted in a prompt to save a file called VIEW_EVENT_DOC.PIF.

Rebecca Henderson, our computer investigations guru, said that the file name could be a ploy to trick the recipient into thinking they’re downloading a Word document. But notice the “PIF”; that’s normally used to create a shortcut that contains instructions for another program.

Rebecca found that downloading the file could result in your computer being infected with Spyeye, a nasty program known to monitor information you type onto Web forms and steal login credentials. If this spyware is on your computer, you’ll find a file named C:\cleansweep.exe\cleansweep.exe.  

Rebecca also discovered that “Dawn” sent her message from Romania.

Here’s what tipped me to suspect the file was a hoax. First, I don’t know anyone named Dawn Pirkel. Second, I didn’t recall having a conference on Monday and I surely wasn’t expecting to receive a spending report. And third, I use Meetup.com and know that Meetup groups are for social events; it’s unlikely a business meeting would be set up that way.

The lesson here: Don’t download attachments or click on links sent by people you don’t know. And be sure to arm your computer with a firewall and anti-virus and anti-spyware software.

 

 

Categories

Recent Posts

Blogroll & Consumer News

Product Recalls

Resources