F-Secure: Be Sure
Main
F-Secure Logo - Be Sure
Select local site


Privacy Policy
Legal Notices
Contact Us

Hoax Warnings

Alphabetical Index
NAME:YUKON3U.MP hoax
ALIAS:JPG hoax, GIF hoax

This widespread hoax was posted to dozens of usenet newsgroups on March 23rd, 1997. Ignore this hoax warning and do not pass it on. It is impossible to get infected by downloading and viewing GIF or JPG pictures. 

  From: SammyT32@shorty.com (Sammy T.)
  Subject: VIRUS WARNING!!:  YUKON3U will strike!
  Date: Sun, 23 Mar 1997 04:37:37 GMT
  Organization: MDM Communications, Inc.


  YUKON3U.mp  VIRUS IS ABOUT TO STRIKE THE NEWSGROUPS! As many of
  you know, the amount of viruses that have been posted within
  the past couple of months are tremendous -- now we have 2 new
  threats to contend with.


  To continue...  a medium amount of the recent posts in some of
  the Alt.Binaries have contained a time-bomb trojan virus called
  YUKON3U.mp which is a derivative of a 2nd generation Mutating
  Engine developed by the Dark Avenger -- a self-described "King"
  of viruses from Bulgaria. The only difference is that this
  strain has a stealth capability beyond the reach of Norton or
  McAfee Anti-Virus programs latest updates, with the possible,
  but not probable exception of Dr. Soloman's Anti-Virus version
  7.69.  The encryption technique is incredible.


  The YUKON3U.mp virus is somehow compiled within the UUE code of
  the JPG itself, and when decoded will install the virus onto
  the boot sector of the hard drive, and lie in wait for the
  trigger date sometime in April (changing your internal system
  clock won't help since the trigger day changes with each
  infection).  The only constant is the month itself.


  The simple fact of decoding the file via a newsreader or
  third-party decoder such as Wincode automatically runs and
  installs the virus without detection, thereby eliminating the
  wait for somebody actually launching the file by accident (we
  all know viruses do nothing unless they're launched).


  For all intents and purposes, the JPG is viewable without any
  problems and normal in every way, but there is a second file
  hiding within your boot sector without detection.


  One of the effects carries a nasty manipulation task which
  damages hardware -- an interrupt call set to a track value
  beyond 39, which will cause the drive heads to move past the
  inner track of the hard drive, causing the heads to stick on
  some models. That isn't the worst of it.  Untitled posts which
  contain special BOTS that are basically invisible and cannot be
  seen or read by newsgroup readers have also been recently
  posted according to Dr. Soloman's web-site.


  These BOTS are capable of replacing ASCII characters within all
  posts in the Alt. Binaries newsgroups (i,e. H becomes S, G
  becomes F, and so on).  The BOTS are triggered to alter other
  user posts by certain words contained in the post, or by
  calling upon the Cancel Date of the article ( probably some
  time in April ). It's very possible that the same group who
  posted the KILL-BOTS last July are behind this second posting
  along with the YUKON3U.mp virii.

Ignore this warning and do not pass it on. Also, do not confuse this hoax to the real Yukon.151 virus (http://www.europe.F-Secure.com/v-descs/yukon.shtml).