A few months ago I spotted strange traffic while manually browsing the firewall logs.

Come to find out, that we had viruses on a few computers running a Gaobot variant. We use EPO and are really proactive about these things, but this variant was not being detected. I even sent NAI the virii and they still can not detect this version today.

Anyways, are there any tools that we can use to detect these varients? Maybe a plug in for our Cisco IDS system?