Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 2nd, 2008

MonaRonaDona New Social Engineering Scam

Malware called “MonaRonaDona” uses social engineering tactics, prompting users to enter the term “MonaRonaDona” into a search engine. The search leads them to an application that can remove the unwelcome threat, a fix that has conveniently been provided by the very people who created the virus in the first place.

When the Trojan executes, it creates the file SRVSPOOL.EXE in the startup folder of all user accounts and displays the following alert on the compromised computer:

The threat stops the following applications when their name appears in the Windows title bar; the title bar will also contain a reference to MonaRonaDona:

Date And Time
Windows Task Manager
Microsoft Visual
Windows Media Player
Microsoft Office
Microsoft Excel
Microsoft Word
Windows Live Messenger
Registry Editor
Google Talk

Once the user enters the name ‘MonaRonaDona’ into an Internet search engine, some of the top search results will be the “cure” for the malware. This fake cure was conveniently created to solve the problem and charge US$39.90 for it.

Currently, top search engine results highlight the fact that this is a scam and warn victims against downloading the application the Trojan's author created to remove the malware, which costs US$39.90. The website that provides it, Unigray, is down at this moment. While the software does in fact remove the MonaRonaDona Trojan, it is the ONLY malware it removes, even though it (falsely) reports having cleaned over 200 other threats. These threats appear to have been randomly selected from the Symantec threat database.

Not surprisingly, the domain was only registered on Feb 20 this year – and yet the product claims to detect 679,871 threats.

Symantec antivirus products detect MonaRonaDona as Trojan.Monagray and the Unigray software as misleading application “Unigray”.
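The startup-folder artifact described above can be checked for across every user profile, for example on a mounted disk image. The following is an added example, not code from the original article or from Symantec; the function names and the sample tree are constructed for illustration, and the two Startup sub-paths are the standard per-user locations on XP-era and later Windows.

```python
import os
import tempfile

INDICATOR = "srvspool.exe"  # file name reported in the article

# Per-user Startup folder relative to a profile directory:
# XP-era layout first, Vista-and-later layout second.
STARTUP_SUBPATHS = (
    os.path.join("Start Menu", "Programs", "Startup"),
    os.path.join("AppData", "Roaming", "Microsoft", "Windows",
                 "Start Menu", "Programs", "Startup"),
)

def find_startup_indicator(profiles_root, indicator=INDICATOR):
    """Return paths of files named `indicator` (case-insensitive) found in
    the Startup folder of every profile directory under `profiles_root`."""
    hits = []
    if not os.path.isdir(profiles_root):
        return hits
    for profile in sorted(os.listdir(profiles_root)):
        for sub in STARTUP_SUBPATHS:
            startup = os.path.join(profiles_root, profile, sub)
            if not os.path.isdir(startup):  # layout not present for this profile
                continue
            for name in os.listdir(startup):
                full = os.path.join(startup, name)
                if name.lower() == indicator.lower() and os.path.isfile(full):
                    hits.append(full)
    return hits

def build_sample_tree(root):
    """Constructed sample data: three profiles, two carrying the file."""
    layout = {
        "alice": (STARTUP_SUBPATHS[0], "SRVSPOOL.EXE"),
        "bob": (STARTUP_SUBPATHS[1], "SrvSpool.exe"),
        "carol": (STARTUP_SUBPATHS[0], "notepad.lnk"),
    }
    for user, (sub, fname) in layout.items():
        folder = os.path.join(root, user, sub)
        os.makedirs(folder)
        open(os.path.join(folder, fname), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path in find_startup_indicator(tmp):
            print("suspicious startup entry:", path)
```

A file-name match is only a lead; confirm any hit with an antivirus scan, since Symantec detects the Trojan as Trojan.Monagray.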
