Program:Win32/Pameseg.AZ
First posted on 11 April 2012.
Source: Microsoft
Aliases:
Program:Win32/Pameseg.AZ is also known as Trojan.SMSSend.2363 (Dr.Web), Win32.CMCArx (Ikarus), PWS-Zbot.gen.ro (McAfee), PremiumSMSScam!gen11 (Symantec).
Explanation:
Program:Win32/Pameseg.AZ is a detection for a software installer that asks the consumer to send an SMS message to a premium number, at their expense, to receive a code that is used to complete a software installation. The wanted software is usually available for free elsewhere.
Installation
Program:Win32/Pameseg.AZ may be distributed as an installer for popular and freely available applications. During the installation process, Pameseg requests a code to continue the installation, as in the following examples:
Additional information
- Avast Antivirus
- Alcohol 120%
- WinRAR
Pameseg reports its execution to a server using a notification string in the following format:
- <server>/excount-new.php?file_id=<numeric string>&hwid=<numeric string>&ver=<numeric string>
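As an added example (not part of the original write-up), the notification format above can be turned into a check over web proxy logs. The log layout, host names and field values are constructed for illustration; ignoring parameter order and tolerating a directory prefix before `excount-new.php` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

BEACON_PATH = "/excount-new.php"          # script name from the format above
REQUIRED = ("file_id", "hwid", "ver")     # the three numeric parameters
NUMERIC = re.compile(r"[0-9]+")

# Constructed sample proxy log lines: "<timestamp> <client> <method> <url>"
SAMPLE_LOG = """\
2012-04-11T09:14:02Z 10.0.0.23 GET http://server.example/excount-new.php?file_id=48213&hwid=3920184417&ver=12
2012-04-11T09:14:05Z 10.0.0.23 GET http://server.example/index.php?file_id=48213
2012-04-11T09:15:40Z 10.0.0.31 GET http://cdn.example/stats/excount-new.php?ver=3&hwid=771&file_id=9
2012-04-11T09:16:10Z 10.0.0.40 GET http://server.example/excount-new.php?file_id=abc&hwid=1&ver=2
2012-04-11T09:16:11Z malformed line
""".splitlines()


def match_beacon(url):
    """Return the three numeric fields if url fits the notification format, else None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(BEACON_PATH):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    fields = {}
    for key in REQUIRED:
        values = query.get(key, [])
        # Exactly one value per key, ASCII digits only, as in the documented format.
        if len(values) != 1 or not NUMERIC.fullmatch(values[0]):
            return None
        fields[key] = values[0]
    return fields


def find_beacons(lines):
    """Scan log lines and return one hit per request matching the format."""
    hits = []
    for line in lines:
        cols = line.split()
        if len(cols) != 4:
            continue  # skip lines that do not fit the constructed log layout
        timestamp, client, _method, url = cols
        fields = match_beacon(url)
        if fields:
            hits.append({"time": timestamp, "client": client,
                         "host": urlsplit(url).hostname, **fields})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Grouping the hits by `hwid` shows how many distinct machines reported in, and by `host` which servers received the notifications.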
The Program:Win32/Pameseg.AZ installer includes a toolbar named "MailRuSputnik", which is installed whether or not the SMS code request is sent, as the following files:
- %ProgramFiles%\Mail.Ru\Guard\GuardMailRu.exe
- %ProgramFiles%\Mail.Ru\Sputnik\<hexadecimal string>.exe
- %ProgramFiles%\Mail.Ru\Sputnik\MailRuSputnik.dll
- %ProgramFiles%\Mail.Ru\Sputnik\SputnikFlashPlayer.exe
- %ProgramFiles%\Mail.Ru\Sputnik\SputnikHelper.exe
Analysis by Shali Hsieh
Last update 11 April 2012