Home / malware

PDF

Program:Win32/Pameseg.AK

First posted on 06 March 2012.
Source: Microsoft

Aliases :

Program:Win32/Pameseg.AK is also known as W32/PrivacyCenter.A2.gen!Eldorado (Command), Hoax.Win32.ArchSMS.mkqk (Kaspersky), Trojan.ArchSMS!oiVrsN7gli8 (VirusBuster), Trojan horse FakeAV.ABZF (AVG), TR/Fraud.Gen2 (Avira), Trojan.SMSSend.2159 (Dr.Web), Win32/Hoax.ArchSMS.QT application (ESET), PremiumSMSScam!gen10 (Symantec).

Explanation :

Program:Win32/Pameseg.AK is an installer file that requires the user to send an SMS to a premium number to install a program that is usually available for free.


Top

Program:Win32/Pameseg.AK is an installer file that requires the user to send an SMS to a premium number to install a program that is usually available for free.



Installation

Program:Win32/Pameseg.AK may be bundled with certain software installers. It is usually intended for Russian-speaking users. It imitates legitimate installers by using their icon, for example:



Behavior

Installs programs at a cost

Program:Win32/Pameseg.AK asks the user to send an SMS to a premium number to complete installation of a program, thus incurring cost for the user.

Upon execution, Program:Win32/Pameseg.AK displays messages similar to the following:





The bundled program vary. In the wild, we have observed Program:Win32/Pameseg.AK bundled with free programs, pirated programs, and movies.



Analysis by Daniel Chipiristeanu

Last update 06 March 2012

 

TOP