
Program:MSIL/Pameseg.G


First posted on 29 November 2011.
Source: SecurityHome

Aliases:

Program:MSIL/Pameseg.G is also known as MSIL/ArchSMS.E (Norman), Trojan.SMSSend.1564 (Dr.Web), MSIL/Hoax.ArchSMS.AC application (ESET), Hoax.MSIL (Ikarus), Hoax.MSIL.ArchSMS.cla (Kaspersky).

Explanation:

Program:MSIL/Pameseg.G is malware that impersonates the installer programs for popular software such as Adobe Flash Player or Mozilla Firefox. When run, it usually prompts the user to send an SMS to a premium number to complete installation of the software, though the software is often available for free.





Installation

Files detected as Program:MSIL/Pameseg.G usually contain a password-protected 7-Zip archive that holds a program. The program is usually the actual installer that Program:MSIL/Pameseg.G attempts to simulate.
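The file layout described above (an executable carrying a 7-Zip archive) can be checked for during triage. The following is an added example, not code from the original write-up or from any vendor signature: it looks for 7z signature headers inside a PE file and validates each one with the header's own CRC. The function names and the sample bytes are constructed for illustration, and the check does not confirm password protection; legitimate self-extracting installers match too, so a hit is a reason to look closer, not a verdict.

```python
import struct
import zlib

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # magic bytes of a 7z signature header


def find_embedded_7z(data: bytes):
    """Return offsets of validated 7z signature headers inside a PE image."""
    if data[:2] != b"MZ":  # not a DOS/PE executable, nothing to triage
        return []
    hits = []
    pos = data.find(SEVENZIP_MAGIC, 2)
    while pos != -1:
        header = data[pos:pos + 32]  # a full signature header is 32 bytes
        if len(header) == 32:
            (stored_crc,) = struct.unpack_from("<I", header, 8)
            # StartHeaderCRC covers the 20 bytes that follow it:
            # NextHeaderOffset (8), NextHeaderSize (8), NextHeaderCRC (4).
            # A matching CRC rules out a chance occurrence of the magic.
            if zlib.crc32(header[12:32]) == stored_crc:
                hits.append(pos)
        pos = data.find(SEVENZIP_MAGIC, pos + 1)
    return hits


def build_sample(valid: bool) -> bytes:
    """Constructed input: a fake 128-byte PE stub followed by a 7z header."""
    start = struct.pack("<QQI", 0x40, 0x20, 0xDEADBEEF)  # made-up values
    crc = zlib.crc32(start) if valid else 0  # 0 simulates a false match
    sevenz = SEVENZIP_MAGIC + b"\x00\x04" + struct.pack("<I", crc) + start
    return b"MZ" + b"\x00" * 126 + sevenz + b"\x00" * 64


if __name__ == "__main__":
    print("valid header offsets:", find_embedded_7z(build_sample(True)))
    print("bad CRC offsets:", find_embedded_7z(build_sample(False)))
```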

Behavior

Prompts the user to send a premium SMS

When the user attempts to run Program:MSIL/Pameseg.G, it prompts the user to send an SMS to a premium number to complete installation. The SMS is not free of charge.

Program:MSIL/Pameseg.G has been seen to contain the following software:

  • Adobe Flash Player
  • Adobe Reader
  • DrWeb Anti-virus
  • Kaspersky Internet Security
  • Microsoft DirectX
  • Microsoft FrontPage
  • Mirabilis ICQ
  • Mozilla Firefox
  • NOD32 Anti-virus
  • Opera
  • Skype
  • WinRAR
  • µTorrent


For example, it might display any of the following interfaces:

[Screenshots omitted]


In certain instances, it is also known to contain the following programs and data:

  • Key generators
  • Password recovery tools
  • Pirated games and game cheat codes
  • Pirated Microsoft products
  • Social networking plugins


Connects to a remote server

Program:MSIL/Pameseg.G has been observed to connect to the server "extrafiles.org".



Analysis by Sergey Chernyshev

Last update 29 November 2011

 
