|
|
Name:
YUKON3U.MP JPG Hoax
Description:
This widespread hoax was posted to dozens of
usenet newsgroups on March 23rd, 1997. Ignore this hoax warning and do not pass
it on. It is impossible to get infected by downloading and viewing GIF or JPG
pictures.
The actual message looked like this:
****
From: SammyT32 (Sammy T.)
Subject: VIRUS WARNING!!: YUKON3U will strike!
Date: Sun, 23 Mar 1997 04:37:37 GMT
Organization: MDM Communications, Inc.
YUKON3U.mp VIRUS IS ABOUT TO STRIKE THE NEWSGROUPS!
As many of you know, the amount of viruses that have been posted
within the past couple of months are tremendous -- now we have 2 new
threats to contend with.
To continue... a medium amount of the recent posts in some of the
Alt.Binaries have contained a time-bomb trojan virus called YUKON3U.mp
which is a derivative of a 2nd generation Mutating Engine developed by
the Dark Avenger -- a self-described "King" of viruses from Bulgaria.
The only difference is that this strain has a stealth capability
beyond the reach of Norton or McAfee Anti-Virus programs latest
updates, with the possible, but not probable exception of Dr.
Soloman's Anti-Virus version 7.69. The encryption technique is
incredible.
The YUKON3U.mp virus is somehow compiled within the UUE code
of the JPG itself, and when decoded will install the virus onto the
boot sector of the hard drive, and lie in wait for the trigger date
sometime in April (changing your internal system clock won't help
since the trigger day changes with each infection). The only constant
is the month itself.
The simple fact of decoding the file via a newsreader or third-party
decoder such as Wincode automatically runs and installs the virus
without detection, thereby eliminating the wait for somebody actually
launching the file by accident (we all know viruses do nothing unless
they're launched).
For all intents and purposes, the JPG is viewable without any problems
and normal in every way, but there is a second file hiding within your
boot sector without detection.
|
