Virus Hoax: Yukon3U.mp JPGName: YUKON3U.MP JPG Hoax
This widespread hoax was posted to dozens of usenet newsgroups on March 23rd, 1997. Ignore this hoax warning and do not pass it on. It is impossible to get infected by downloading and viewing GIF or JPG pictures.
The actual message looked like this:
**** From: [email protected] (Sammy T.) Subject: VIRUS WARNING!!: YUKON3U will strike! Date: Sun, 23 Mar 1997 04:37:37 GMT Organization: MDM Communications, Inc. YUKON3U.mp VIRUS IS ABOUT TO STRIKE THE NEWSGROUPS! As many of you know, the amount of viruses that have been posted within the past couple of months are tremendous -- now we have 2 new threats to contend with. To continue... a medium amount of the recent posts in some of the Alt.Binaries have contained a time-bomb trojan virus called YUKON3U.mp which is a derivative of a 2nd generation Mutating Engine developed by the Dark Avenger -- a self-described "King" of viruses from Bulgaria. The only difference is that this strain has a stealth capability beyond the reach of Norton or McAfee Anti-Virus programs latest updates, with the possible, but not probable exception of Dr. Soloman's Anti-Virus version 7.69. The encryption technique is incredible. The YUKON3U.mp virus is somehow compiled within the UUE code of the JPG itself, and when decoded will install the virus onto the boot sector of the hard drive, and lie in wait for the trigger date sometime in April (changing your internal system clock won't help since the trigger day changes with each infection). The only constant is the month itself. The simple fact of decoding the file via a newsreader or third-party decoder such as Wincode automatically runs and installs the virus without detection, thereby eliminating the wait for somebody actually launching the file by accident (we all know viruses do nothing unless they're launched). For all intents and purposes, the JPG is viewable without any problems and normal in every way, but there is a second file hiding within your boot sector without detection. One of the effects carries a nasty manipulation task which damages hardware -- an interrupt call set to a track value beyond 39, which will cause the drive heads to move past the inner track of the hard drive, causing the heads to stick on some models. That isn't the worst of it. Untitled posts which contain special BOTS that are basically invisible and cannot be seen or read by newsgroup readers have also been recently posted according to Dr. Soloman's web-site. These BOTS are capable of replacing ASCII characters within all posts in the Alt. Binaries newsgroups (i,e. H becomes S, G becomes F, and so on). The BOTS are triggered to alter other user posts by certain words contained in the post, or by calling upon the Cancel Date of the article ( probably some time in April ). It's very possible that the same group who posted the KILL-BOTS last July are behind this second posting along with the YUKON3U.mp virii. ****Again, ignore this message and do no pass it on.