According to Websense, the campaign is low-volume, and is currently impersonating Symantec, F-Secure, Verisign and Sophos. The malicious payload (MD5: ebb4ac5bb30b93e38a02683e3e7c98c6) is currently detected by 3 out of 42 antivirus scanners as Trojan.Agent/Gen-Banload; TROJ_GEN.R47H1HR.