Computer spyware poses as meeting reminder

(Internet Safety, Privacy, Scams, Identity Theft)

Dawn Pirkel sent an e-mail message last Wednesday, reminding me to RSVP for a conference. However, there was no conference and the sender’s real intent seemed to be to infect my computer with spyware.

The subject line read “meeting confirmation.” The mysterious Dawn -- a pseudonym, no doubt -- wrote, “Please don't forget about our conference meeting on Monday. And remember to RSVP for the Meetup group. You can review the schedule for the entire day here: … I'll make sure to provide you with a complete spending report before Monday.”

The message included a Web link, purportedly to the meeting agenda. Clicking on the link resulted in a prompt to save a file called VIEW_EVENT_DOC.PIF.

Rebecca Henderson, our computer investigations guru, said that the file name could be a ploy to trick the recipient into thinking they’re downloading a Word document. But notice the “PIF”; that’s normally used to create a shortcut that contains instructions for another program.

Rebecca found that downloading the file could result in your computer being infected with SpyEye, a nasty program known to monitor information you type into Web forms and steal login credentials. If this spyware is on your computer, you’ll find a file named C:\cleansweep.exe\cleansweep.exe.

Rebecca also discovered that “Dawn” sent her message from Romania.

Here’s what tipped me to suspect the file was a hoax. First, I don’t know anyone named Dawn Pirkel. Second, I didn’t recall having a conference on Monday and I surely wasn’t expecting to receive a spending report. And third, I use Meetup.com and know that Meetup groups are for social events; it’s unlikely a business meeting would be set up that way.

The lesson here: Don’t download attachments or click on links sent by people you don’t know. And be sure to arm your computer with a firewall and anti-virus and anti-spyware software.

 

 

Posted by Kristin Alexander, All Consuming Blog Moderator, at 03/24/2010 11:57:30 AM
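
The file-name trick and the indicator path described in the post, written as checks a mail filter or help-desk script could run. This is an added example, not part of the original post; the extension list, the document-token list, and the sample names and file listing are assumptions constructed for illustration.

```python
import ntpath
import re

# Extensions Windows launches as programs or shortcuts instead of opening as documents.
LAUNCHABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".lnk"}
# Tokens that make a name look like a document (assumed list for this example).
DOC_TOKENS = {"doc", "docx", "pdf", "xls", "xlsx", "ppt", "rtf", "txt"}
# Indicator path quoted in the post; compared case-insensitively below.
SPYEYE_ARTIFACT = r"C:\cleansweep.exe\cleansweep.exe"


def check_download_name(name):
    """Return a list of reasons a file name offered for download looks deceptive."""
    reasons = []
    stem, ext = ntpath.splitext(ntpath.basename(name.strip()))
    if ext.lower() not in LAUNCHABLE_EXTS:
        return reasons
    reasons.append(f"launchable extension {ext.lower()}")
    # Split the stem on separators so VIEW_EVENT_DOC and agenda.doc both yield "doc".
    tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", stem) if t}
    hits = sorted(tokens & DOC_TOKENS)
    if hits:
        reasons.append("name imitates a document: " + ", ".join(hits))
    return reasons


def find_spyeye_artifact(paths):
    """Return the entries of a file listing that match the indicator path."""
    want = ntpath.normcase(ntpath.normpath(SPYEYE_ARTIFACT))
    return [p for p in paths if ntpath.normcase(ntpath.normpath(p.strip())) == want]


# Constructed sample input: the first name is from the post, the rest are invented.
SAMPLE_NAMES = ["VIEW_EVENT_DOC.PIF", "agenda.doc.scr", "agenda.doc", "setup.exe"]
SAMPLE_LISTING = [
    r"C:\Windows\notepad.exe",
    r"c:\CleanSweep.exe\cleansweep.EXE",   # same path, different case
    r"C:\Users\kim\cleansweep.exe",        # same file name, different folder
]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(n, "->", check_download_name(n) or "no flags")
    print("artifact hits:", find_spyeye_artifact(SAMPLE_LISTING))
```
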


These come in many forms. Got one today in .zip format. Claimed to be from Facebook staff and wanted me to click on the attached file. Return path was from noninterferencevo6@softmovel.com

Email headers looked like this:

From: Facebook Accounts <profile@facebook.com>
Subject: Facebook Password Reset Confirmation! Customer Support.
Date: March 24, 2010 12:40:50 PM PDT

[AGO BLOG MODERATOR'S COMMENT. This post included lengthy information from the email header, including the recipient's email address. It has been edited for length and privacy.]
Posted by: Gordon Medley at 3/24/2010 1:28 PM


Due to their nature, password stealers, spyware, malware, and worms spread insanely quickly these days. Having an up-to-date antivirus solution is absolutely imperative, but is no guarantee one is safe from malicious software. The best line of defense is the users themselves, never opening any files, emails, or links that seem suspicious.
Posted by: George Steel at 4/28/2010 8:15 AM

