Просмотр полной версии : The MonaRonaDona Extortion Scam

05.03.2008, 11:43
Online tech support forums are starting to light up over an increasing number of PCs sickened by something called the "MonaRonaDona virus," a piece of malware that threatens to trash host computers. As it happens, MonaRonaDona appears to be a relatively innocuous invader that was created to scare people into purchasing a fake new anti-virus product.

I first read about MonaRonaDona in a discussion thread over at the excellent DSL Reports Security Forum, where members traded tips on removing the bugger. Nobody seems to know how the thing wiggles into infected PCs in the first place, but the one thing that's clear is that this invader's primary purpose is to call as much attention to itself as possible (that kind of behavior is always a red flag, because most modern malware succeeds by being stealthy and unobtrusive). This piece of malware disables a number of programs on the victim's PC, changes the title of each Internet Explorer Window to include its name, and pops up the warning shown in the adjacent screenshot.

According to an analysis by Russian anti-virus maker Kaspersky Lab, MonaRonaDona is noisy because its author is hoping the victim will conduct a Google search for instructions on how to remove it. The second result in a Google search for "monaronadona" is a Digg.com article linking to an anonymous blog entry with instructions on downloading and using a product called "Unigray Antivirus." One blog claims Unigray "is considered the best for removing the monaronadona virus compared to the other spyware / antivirus programs." There are a few other prominent results that sing the praises of Unigray Antivirus, including a YouTube.com video.

What these results won't tell you up front is that Unigray Anitvirus costs $39.90. It also fails to mention what Kasperksy analysts figured out on their own: That while Unigray Antivirus will in fact remove the dreaded MonaRonaDona virus, that is the only piece of malware it is designed to remove.

If you're a victim of this extortion scam, please don't pay up. Several self-help groups have free instructions on how to remove this thing. These instructions over at DSL Reports seem to have helped a number of victims remove MonaRonaDona without problems.
washingtonpost (http://blog.washingtonpost.com/securityfix/)