Yobbing Yahoo!


It looks like e-crooks’ interest in Yahoo!® is getting bigger and bigger these days. According to what my colleagues from the labs whispered to me a couple of days ago, two brand new breeds of credentials stealers are targeting the users of the Yahoo!® portal.

One of them – Trojan.PWS.Agent.SLW – penetrates unprotected systems via altered applications that unsuspected users download from warez sites and execute on their computers. The BitDefender  labs discovered this Trojan in a customized package, bundled with CurseClient, a free add-on manager that allows users to browse, install, and update addons for World of Wordcraft™, Warhammer Online©/™ and ©Runes of Magic.

Cybercriminals appended one dodgy executable – ar96.exe – to the clean kit of the add-on manager. After the manager installation completes, the aforementioned executable is launched, creating a plain-vanilla text file in the Temp directory and stealing the credentials used on Yahoo!® and CurseClient.

The other piece of malware trying to steal Yahoo!® usernames and passwords is Trojan.Agent.AQOU, which injects iFrames in HTML pages and uses a DLL pertaining to WinPcap to transmit the pilfered data.

Currently, all BitDefender products, including free in-the-cloud QuickScan, detect the two e-threats. For a free disinfection of your system, consider running the Online Antivirus Scanner.


Safe surfing everybody!


This article is based on the technical information provided courtesy of Dumitru-Bogdan Prelipcean and Alexandru Maximciuc, BitDefender Online Threats Researchers.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


With a humanities passion and background (BA and MA in Comparative Literature at the Faculty of Letters, University of Bucharest) - complemented by an avid interest for the IT world and its stunning evolution, I joined in the autumn of 2003 the chief editors' team from Niculescu Publishing House, as IT&C Chief Editor, where (among many other things) I coordinated the Romanian version of the well-known SAMS Teach Yourself in 24 Hours series. In 2005 I accepted two new challenges and became Junior Lecturer at the Faculty of Letters (to quote U2 - "A Sort of Homecoming") and Lead Technical Writer at BluePhoenix Solutions.

After leaving from BluePhoenix in 2008, I rediscovered "all that technical jazz" with the E-Threat Analysis and Communication Team at BitDefender, the creator of one of the industry's fastest and most effective lines of internationally certified security software. Here I produce a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases. Every now and then, I enjoy scrutinizing the convolutions of e-criminals' "not-so-beautiful mind" and, in counterpart, the new defensive trends throughout posts on

Balancing the keen and until late in night (please read "early morning") reading (fiction and comparative literature studies mostly) with Internet "addiction", the genuine zeal for my bright and fervid students with the craze for the latest discoveries in science and technology, I also enjoy taking not very usual pictures (I'm not a pro, but if you want to see the world through my lenses, here are some samples, messing around with DTP programs to put out some nifty book layouts and wacky t-shirts, roaming the world (I can hardly wait to come back in the Big Apple), and last but not least, driving my small Korean car throughout the intricacies of our metropolis's traffic.