March 5, 2008 General 0 – Analyst’s Diary

Its name is MonaRonaDona and it's very unusual for malware. It takes over the system as visibly as possible and demands you buy a $40 product called Unigray Anti-virus. It's a scam. How it gets onto systems is not yet known, but the a/v makers have started pushing out updates for this extortionware. If you see this on your machine, please contact me as soon as possible.

*Update* Threatfire has some more details. It is apparently associated with RegistryCleaner2008.exe. Follow the link for their analysis.