Using the Check Point's SmartLog, I've worked up a little query to help me spot some of the big outbreaks. I grabbed the domains from the ZeusTracker, and built a mini-query (which I then pasted in the query bar.)
dest:(domain or domain or domain or bizserviceszero.com or ....)Periodically, I'll check the domains on ZeusTracker and run a diff to see what enters the list and what gets removed. I know that there are better ways to do this, and I'd love to implement some of those methods. High on my list is adding a Snort box, or even SecurityOnion.
A small win for the day, but at least I can find these machines. Hopefully, when I've built up some metrics, I can support changing the environment, and use the number of infections cleaned up as the driver.