Recently, infections of the malware “MonaRonaDona” have been increasingly prevelent.
Once “MonaRonaDona” is installed on a user’s system, it displays the following message:
“Hi, My name is MonaRonaDona. I am a virus
& I am here to Wreck your PC. If you
observe strange behaviour with your PC, like
program windows disappearing e.t.c, it’s me
who is doing all this. I was created as a protest
against the Human Rights Violation
being observed throughout the world & the
very purpose of my existence is to remind
& stress the world to respect humainty.”
Once active, “MonaRonaDona” attempts to terminate the following services:
Date And Time
Windows Task Manager
Windows Media Player
The ‘Internet Explorer’ title bar is also modified to contain text regarding “MonaRonaDona”.
Immidiatly after infection however, this activity will not be present as the malware registers itself to run as ‘Windows’ boots. As a result of this, how “MonaRonaDona” actually infects computers is still unknown as users often cannot remember their actions prior to the infection.
However, this is where it gets interesting as due such actions as displaying a warning message once infected, actively terminating common ‘Windows’ processes and displaying messages in application’s title bars, we are forced to ask ourselvs the simple question:
“Why does the malware author want “MonaRonaDona” to be noticed by the user to such an extent?”
The awnswer lies in a simple search for “MonaRonaDona” in one of today’s popular search engines. This query will direct the user to a page similar to this one:
The article displayed in the image claims that “MonaRonaDona” can be fixed with the following legitimate applications:
When in reality, only ‘Kaspersky’ has included “MonaRonaDona” in it’s ‘DATs’ (as ‘Trojan.Win32.Monagrey.a’).
The article also claims that the best application that a user can use to fix the malware is called ‘Unigray antivirus’.
‘Unigray antivirus’ is an application published on the web at the same time detections of “MonaRonaDona” began appearing.
Furthermore, when examined by ‘Kaspersky Labs’, the application was found to only detect (to a minimal standard) 19 different threats (including “MonaRonaDona”) yet only removes one.. “MonaRonaDota”.
When comparing the code of “MonaRonaDona” to that of ‘Unigray’, it is also noteable that there are many simularities.
Therefore, it extremely probable that the individual(s) behind “MonaRonaDona” are the same individual(s) that created “MonaRonaDona”.
It seems social engineering techniques are getting increasingly devious and manipulative and that fraudware/malware authors are gaining more insight into the psycology of their victims and can thusly be expected to be seen employing social engineering techniques as a venue for infection more regularly.