It's been a busy few days over the festive season here in SophosLabs. This is a little unusual, as malware authors are often relatively quiet until after Christmas Day at least, but the Storm (aka Dorf) and PushDo\PushU gangs obviously decided not to take a break this year. We are still seeing large volumes of PushU-D on the spam traps, currently accounting for approximately 40% of infected email so far this year.
We’ve updated our generic detection for the campaign (it was previously detected as Troj/Agent-GKG) so that we can continue to catch variants as they evolve.
Many thanks to those members of SophosLabs who volunteered to give up at least some of their festivities to keep our protection the best.