We neutralized one of these at a client company a couple of weeks ago. In a small network, the trick is finding the offending computer without sophisticated sniffing tools. Ours were fake emails from Fedex and Ebay being spammed from inside the LAN.
The company's SMTP server didn't seem to be involved at all. The Trojan generated its own messages and outbound port 25 traffic itself from a Windows XP SP3 machine with AVG protection that was out of date.
Thanks to Geoffrey Ingersoll and Business Insider
White House Confirms Security Breach By Chinese Hackers - Business Insider