Remember the person who ran an attachment on an email pretending to be from his hotmail account which he knew he didn't send?
Something interesting is happening on our PCs, and although Sophos reckons there's no infection, it may well be linked.
Can you run the following two from the command line (Windows 9x: Start / Programs / MS-DOS Prompt, Win 2k/XP: Start / Programs / Command line, Linux: ... probably don't need to be told!)
ping windowsupdate.microsoft.com
ping v4.windowsupdate.microsoft.com
(Ping sends a small 'hello' message to the destination and expects a 'hello' back, but it's the IP address I'm particularly interested in...)
What's the result?