Ahh spam, unfortunately those trojans are easy to package a small SMTP server along with. That points back to HT and Phish's ideas. I have had excessive spamming from clients before and since I use exchange I have the luxury of locking down all SMTP traffic incoming and outgoing from client machines. Hmmm If you put a packet sniffer on the gateway and filter SMTP then eliminate your mail server address you can track down the worst of the infections by seeing who is sending or recieving smtp/pop outside your server. If you think trojans are afoot. Have fun.