Naturally, we began monitoring incoming samples for the keyword "Krebs".
And it didn't take very long before something turned up.
Trojan-Downloader:W32/Agent.DTBM (SHA-1: 20dba9e7730094341f327194f67b43bd751dd9cf) creates the following mutex:
Hmm, looks like analyst and ZDNet.com blogger Dancho Danchev should be added to our watch list…
This trojan is in the wild, but is not highly prevalent. Our antivirus blocked it based on behavioral heuristics even before we added a signature detection.
Additional analysis from our Threat Research team tells us that the trojan attempts to connect to fatgirlsloveme.com. The site/server was not online two days ago, but its proxy now appears to be active (hosted in Germany).