Unraveled: Elaborate malware scheme scams users into parting with cash

If you see a computer being infected with a "MonaRonaDona virus," you might be interested to know that this "virus" has been making its rounds the past week. Its purpose? To get you to part with your money.

According to the security researchers over at Kaspersky, the MonaRonaDona virus is actually custom software and is part of an elaborate scam to sell fake antivirus software. Ironically, its role in the scheme of things is to panic users into taking action to eradicate it.

Excerpt from ComputerWorld:

Unlike most viruses and Trojans which try to go about their evil task as invisibly as possible, the MonaRonaDona Trojan displays a broadly visible message in front of the victim. It says, "Welcome to MonaRonaDona. I am a Virus & I am here to wreck your PC. If you observe strange behavior with your PC, like program Windows disappearing, etc., it's me who's doing this." The message claims it's all part of a human rights protest.

According to Kaspersky Lab researcher Roel Schouwenberg, this is the part where it gets interesting. Apparently, if you search the Web to find out more about this "virus," you will find a whole bunch of Web pages with bogus stories and commentary recommending certain antivirus tools to get rid of it.

One such site I visited listed the usual antivirus products, but it inserted an antivirus product at the top of the list that I have never heard of before — a product called Unigray that's available from the Unigray.com Web site for about US$39.00.

Below is the screenshot of one of the sites that I Googled. I'm not going to increase the ranking of this (and other such) site further by linking to them - so feel free to Google them on your own.


This is certainly not the first time that such schemes have been uncovered. In August of 2007, I covered news of a government-headed crackdown in South Korea on antispyware products being sold that are, in some cases, even harder to remove than real spyware.

However, MonaRonaDona might be unprecedented in terms of its reliance on social engineering and perhaps sheer scale in the number of Web pages designed to shepherd victims towards parting with their cash. In fact, I even saw a YouTube video promoting it! (Links deliberately omitted)

The bottom line: Clean computers with software from valid antivirus vendors.

Do you think MonaRonaDona is the first of a new wave of "for-profit" malware?

By Paul Mah

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.