We just published some results about the use transaction malleability in the Bitcoin network with a special focus on MtGox:
How did you pick up the vulnerable transactions? Those weren't relayed through the bitcoin network, just published through their API. With signatures which were mutable into standard format. (Which we can assume the attacker did for his own transactions.)