
Trojan:Win32/Pameseg.A


First posted on 28 December 2012.
Source: Microsoft

Aliases :

There are no other names known for Trojan:Win32/Pameseg.A.

Explanation :



Trojan:Win32/Pameseg.A is an installer that requires you to send an SMS or mobile text message to a premium number to successfully install certain programs, some of which are otherwise available for free. It is a member of the Win32/Pameseg family of installers.

Currently, variants of Pameseg target Russian speakers.

The installer claims that when you send the SMS message, you will receive a code that you can use to complete installation of the program. However, this has not been verified.

Trojan:Win32/Pameseg.A usually claims to be an installer for certain types of programs which usually fall under the following categories (note that this list is not exhaustive):

  • Key generators
  • Password recovery tools
  • Pirated games and game cheat codes
  • Pirated Microsoft products
  • Social networking plugins


In the wild, Pameseg has been seen to contain the following software:

  • Adobe Flash Player
  • Adobe Reader
  • ALAWAR Keygen 2011
  • Aluminum WMP
  • BitDefender
  • Counter-Strike-Condition-Zero
  • DjVu Solo
  • DrWeb Anti-virus
  • GTA SA Mega Chat Pack
  • Kaspersky Internet Security
  • Media Player Classic
  • Microsoft DirectX
  • Microsoft FrontPage
  • Mirabilis ICQ
  • Mozilla Firefox
  • NOD32 Anti-virus
  • Opera
  • QIP 2005
  • Rambler ICQ 7
  • Skype
  • Sony VEGAS PRO
  • SpeedFan
  • STDU Viewer
  • VKSaver
  • Windows update patch
  • WinRAR
  • Word 2007
  • WPE Pro
  • µTorrent


Installers detected as Trojan:Win32/Pameseg.A may appear similar to any of the following:





The installer is usually created using ZipMonster, an application that allows the installer to be packaged with different user interfaces so that it may look as close to the original installer as possible.

Aside from payment via SMS messages, you may also be instructed to pay using web-based payment services such as Webmoney, PayPal, or credit cards. Note that these services are legitimate but are being used with malicious intent by Pameseg.

More information about Pameseg is available in the following blog posts from the MMPC:

  • Easy Money: Program:Win32/Pameseg (part one)
  • Easy Money: Program:Win32/Pameseg (part two)

Related encyclopedia entries

Win32/Pameseg



Analysis by Methusela Cebrian Ferrer and Jaime Wong

Last update 28 December 2012

 
