
Win32/Pameseg


First posted on 23 February 2012.
Source: Microsoft

Aliases:

There are no other names known for Win32/Pameseg.

Explanation:

Win32/Pameseg is a family of installers that require the user to send an SMS message to a premium number to successfully install certain programs, some of which are otherwise available for free. Currently, most variants target Russian speakers.



Win32/Pameseg is a family of installers that require the user to send an SMS message to a premium number to successfully install certain programs, some of which are otherwise available for free. Currently, variants of Pameseg target Russian speakers.

The installer claims that when users send the SMS message, they receive a code used to complete installation of the program. However, this has not been verified.

Win32/Pameseg usually claims to be an installer for certain types of programs, which usually fall under the following categories (note that this list is not exhaustive):

  • Key generators
  • Password recovery tools
  • Pirated games and game cheat codes
  • Pirated Microsoft products
  • Social networking plugins


In the wild, Pameseg has been seen to contain the following software:

Adobe Flash Player
Adobe Reader
ALAWAR Keygen 2011
Aluminum WMP
BitDefender
Counter-Strike-Condition-Zero
DjVu Solo
DrWeb Anti-virus
GTA SA Mega Chat Pack
Kaspersky Internet Security
Media Player Classic
Microsoft DirectX
Microsoft FrontPage
Mirabilis ICQ
Mozilla Firefox
NOD32 Anti-virus
Opera
QIP 2005
Rambler ICQ 7
Skype
Sony VEGAS PRO
SpeedFan
STDU Viewer
VKSaver
Windows update patch
WinRAR
Word 2007
WPE Pro
µTorrent

The installer may appear similar to any of the following:











The installer is usually created using ZipMonster, an application that allows the installer to be packaged with different user interfaces so that it may look as close to the original installer as possible.

Aside from payment via SMS messages, users can also pay using web-based payment services such as Webmoney, PayPal, or credit cards. Note that these services are legitimate but are being used with malicious intent by Pameseg.

More information about Pameseg is available in the following blog posts from the MMPC:

  • Easy Money: Program:Win32/Pameseg (part one)
  • Easy Money: Program:Win32/Pameseg (part two)




Analysis by Jaime Wong

Last update 23 February 2012
