"MonaRonaDona": A revolution in social engineering

Recently, infections of the malware “MonaRonaDona” have been increasingly prevelent.
Once “MonaRonaDona” is installed on a user’s system, it displays the following message:

“Hi, My name is MonaRonaDona. I am a virus
& I am here to Wreck your PC. If you
observe strange behaviour with your PC, like
program windows disappearing e.t.c, it’s me
who is doing all this. I was created as a protest
against the Human Rights Violation
being observed throughout the world & the
very purpose of my existence is to remind
& stress the world to respect humainty.”

Once active, “MonaRonaDona” attempts to terminate the following services:
Date And Time
Windows Task Manager
Registry Editor
Google Talk
Microsoft Visual
Windows Media Player
Microsoft Office
Microsoft Excel
Microsoft Word
The ‘Internet Explorer’ title bar is also modified to contain text regarding “MonaRonaDona”.

Immidiatly after infection however, this activity will not be present as the malware registers itself to run as ‘Windows’ boots. As a result of this, how “MonaRonaDona” actually infects computers is still unknown as users often cannot remember their actions prior to the infection.

However, this is where it gets interesting as due such actions as displaying a warning message once infected, actively terminating common ‘Windows’ processes and displaying messages in application’s title bars, we are forced to ask ourselvs the simple question:

“Why does the malware author want “MonaRonaDona” to be noticed by the user to such an extent?”

The awnswer lies in a simple search for “MonaRonaDona” in one of today’s popular search engines. This query will direct the user to a page similar to this one:

Or alternatively a ‘Digg’ (a popular content sharing domain) article or ‘YouTube’ video, all advertising the same product:
“Unigray antivirus”.

The article displayed in the image claims that “MonaRonaDona” can be fixed with the following legitimate applications:

and ‘McAfee’

When in reality, only ‘Kaspersky’ has included “MonaRonaDona” in it’s ‘DATs’ (as ‘Trojan.Win32.Monagrey.a’).
The article also claims that the best application that a user can use to fix the malware is called ‘Unigray antivirus’.
‘Unigray antivirus’ is an application published on the web at the same time detections of “MonaRonaDona” began appearing.
Furthermore, when examined by ‘Kaspersky Labs’, the application was found to only detect (to a minimal standard) 19 different threats (including “MonaRonaDona”) yet only removes one.. “MonaRonaDota”.
When comparing the code of “MonaRonaDona” to that of ‘Unigray’, it is also noteable that there are many simularities.
Therefore, it extremely probable that the individual(s) behind “MonaRonaDona” are the same individual(s) that created “MonaRonaDona”.
It seems social engineering techniques are getting increasingly devious and manipulative and that fraudware/malware authors are gaining more insight into the psycology of their victims and can thusly be expected to be seen employing social engineering techniques as a venue for infection more regularly.

2 thoughts on “"MonaRonaDona": A revolution in social engineering

  1. ha cool, heard of Kevin Mettnick ?
    the uber guru of social engg.!

    but still companies find moroniC ways of attracting customers!
    thanks for alerting the public about this issue, “PUBLIC AWARENESS”.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s