Virus vendors are frequently accused of creating the viruses
so they can sell you the fix. Just last week, ESET Software came by to discuss
their 2007 Malware report and it was a joke among us that they were writing the
viruses so they could detect them.
Well, now we’re seeing a piece of malware that does just
that. Kaspersky Labs has found a virus called MonaRonaDona that is exactly the
opposite of most malicious software. Instead of hiding, it makes its presence
known with a threat to the user.
The hope on the part of the authors is that the user will do
a Google search on this new threat. When you search for solutions for
MonaRonaDona, you will find a site called Unigray Antivirus, which claims to be
a legitimate antivirus company and able to remove MonaDonaRona.
However, Kaspersky did a little digging, which means they
did a WHOIS search. Unigray’s Website was registered on February 20, 2008,
which is always a red flag for trouble. When you run a scan of your computer
using Unigray’s technology, it pops up completely random infections, calling
them all a form of the MonaRonaDona malware.
Kaspersky quickly realized that Unigray is only capable of
removing one piece of malware from a user’s system — you guessed it, the
MonaRonaDona malware, for a fee of $39.
Fortunately, the Google search results list is not static. A
search of MonaRonaDona no longer brings up Unigray in search results or
advertising, just a lot of people talking about this new virus.
Give your antivirus vendor of choice a day or so, they
should have definitions to detect this shortly.