We're seeing similar alerts. Since midnight we've had ~55 Wildfire alerts. We typically see only 1 or 2 per week.
I've spot-checked about a dozen of our alerts. One commonality is that the most "severe" indicator is "connected to a malicious domain", triggered from the Win7 VM. I haven't made it into the PCAPs yet but the only "DNS queries" listed are "akadns.net", "akadns.org", or "time.windows.com". The only "Connections" listed are to a MS NTP server.
I have a feeling one of those domains has been flagged and now every Wildfire submission that targets it gets labeled as malware.
... View more