This month’s bad behavior pick, highlighted in order to help you understand how to steer clear of it, is malware known as MonaRonaDona. This scam started making its rounds early last month. MonaRonaDona gets extra bad behavior points for packing in a lot of deception in an effort to con computer users out of their money.
Understanding the Threat
With this month’s threat, we’re dealing with a social engineering tactic that attempts to scare computer users into buying rogue security software. While this type of scheme may be nothing new, the tricks used by MonaRonaDona have a twist.
In this case, the propagators of the scheme infect users through a Trojan (in Ad-Aware’s Detection Database as Win32.Trojan.MonaGrey). The user receives a message that he or she is infected with “MonaRonaDona.” The cyber scammers are purposely vocal in order to carry out their scare tactics. When the name of the malware is entered into a search engine, users are led to believe that they need to buy a certain security program (the rogue software, Unigray AntiVirus) to remove the threat.
The Bad Behavior
Exactly how does the bad behavior play out? Once infected, the computer user receives a pop-up message similar to this:
“Hi, My name is MonaRonaDona. I am a Virus and I am here to Wreck Your PC. If you observe strange behavior with your PC, like program windows disappearing etc, it's me who is doing all this.”
Along with that, reports say, the malware disables programs on the user’s computer and changes the title of Internet Explorer windows to include its name.
The person then tries to learn more by conducting a Google search for “MonaRonaDona”. Search result findings, which have been fixed by the malware’s authors in a pre-fabricated scheme, point the victim towards the Unigray AntiVirus program. For the sum of about $40 US, the user is led to believe they can rid their computer of this threat.
To add to that, Unigray AntiVirus even carries clear similarities to Ad-Aware 2007’s user interface. See the Lavasoft Research blog for more details.
At the time of writing, the homepage that was hosting Unigray has been taken offline, and top web searches now explain the truth about this scam. Still, exploiting victims into purchasing rogue software is not a new tactic, nor is it one that is bound to end anytime soon.
How can you avoid falling for a rogue security program? To start with, be wary of anti-spyware products that are automatically installed after other problems start, and of any security programs that are suggested through pop-ups or similar warning alerts. This behavior is a red flag for rogue software.
The experts at Lavasoft have more tips, below, to make sure you rely on products with proven track records and reliability.
- Practice online skepticism. Be aware that rogue security software does exist on the web, and be vigilant about avoiding it. If you are suspicious about a product, check for reviews on trusted websites, magazines or from software outlets. Rogue applications often claim to be “the best on the market” and post deceptive review results on their own site where the product scores rave ratings.
- Do not blindly trust individual sites offering anti-spyware. Refer to reputable lists of trustworthy anti-spyware programs and rogue/suspect anti-spyware programs like the one on SpywareWarrior.com.
- Do not fall for scare tactics – get a second opinion. An almost universal trait of rogue anti-malware applications is for the scan result, at first glance, to display plausible results. However, in order to clean the detected items, you must “register” the product; this, in reality, means you must pay for the product. Visit a trusted source like Download.com, download a free anti-malware application, and scan again.
- Take advantage of our experts on the Lavasoft Support Forums to assist you if you suspect that an application may not be legitimate. If Lavasoft's researchers have not encountered the program, they will analyze it and add it to detection if it meets detection criteria.