I have been informed by Spamhaus that the IP address we use for corporate email has communicated with a known spam site and is either infected by, or NATing for, a computer that is infected by the S_Gozi trojan / downloader.
It states that the infection is extremely difficult to detect and is not seen by most commercial AV or EndPoint protection suites.
I have been told to program the SonicWall TZ215 to stop all traffic to sites outside the US. We have never done this before. Not sure how to set up the SonicWall for that purpose. I know this virus does not use the standard port 25 for SMTP traffic; it uses port 80, which I cannot block. It is extremely difficult to find, so I am trying to stop its connections at the firewall level to stop it communicating. Any help would be greatly appreciated.