Running the latest Fortigate OS with features such as block Botnet traffic enabled I am seeing intermittent low profile blocks labelled Zeus, this has appeared from 3 sources but outgoing web or IP addresses are different
Dst 85.233.160.70 (www.mhealthcaresolutions.co.uk)
Dst 213.186.33.19
Virus Zeus
I have scanned each source machine within an inch of their lives with Sophos and various root kit revealers but have found nothing.
Is this a feature of the new OS and specifically the Block Connections to Botnet Servers feature?