You think that's fishy. I worked for a hospital once where our user's had to send personal health information to the state. To do this, they used an intermediary network provider (a huge company, which I hesitate to say their name, but it rhymes with BT&T). They simply provided a secure connection the states' systems.
One day, suddenly, every single time our user's would connect, our Enterprise AV would warn of a Conficker virus and would supposedly stop it. I personally wrote the IT guys at this conglomerate and warned them that their servers (the infection came once connected to the secure appliance, but before reaching the state systems) appeared to be infected with Conficker, but they basically told us to mind our own business.
Lo and behold, about two weeks later, we had a major outbreak of Conficker, which we had to spend a long time cleaning up and investigating. And guess where it came from!
Even trusted sources can be compromised.