Every month we send out communications to customers based on reports we receive about suspicious activity - specifically viruses and malware. There has been some discussion about this on the forum, and therefore the following has been prepared. We'd really appreciate you taking a look and giving us your feedback.
Why do we send these communications? Let me take you through the steps.
I’ve received a letter from Virgin Media telling me I have malware/a vulnerability and I’d like to find out more
Our letters to customers advising them that they have malware or vulnerability explain why we believe this to be the case. This article explains the situation in a little more detail for those customers who wish to know more.
Our Terms & Conditions and Acceptable Use Policy state that the customer is responsible for securing their home network and connected devices. The security of the Virgin Media network and our customers’ data is a high priority for Virgin Media. To that end we devote a great deal of time and resource to keep our customers secure.
Virgin Media receive reports from a variety of sources that highlight suspicious activity coming from IP addresses on our network. An IP address is a unique number assigned to each internet connection we provide. This suspicious activity often indicates an infected device or vulnerability. We match the IP to the customer account and can then notify the customer about the issue.
Many of the reports will show a summary of the evidence gathered. For example, “Dictionary password attack” sent from “IP 220.127.116.11 at 12:00 GMT”. With a report like that we won’t be able to specify which device is causing the problem, only that there is a problem that needs to be resolved.
It is important to note that Virgin Media takes such reports from reputable organisations on good faith, and with any report there is a chance of false positives. However, we believe that it is in our customers’ interests that we notify them of these reports. Surveys conducted on behalf of Virgin Media have shown that our customers appreciate our security alerts notifying them of these issues.
You can find more detailed information about how this traffic is identified at the websites below. Here are some examples of the third party organisations that provide ISPs with reports, some of which may be used by Virgin Media:
On occasions, Virgin Media may be supplied with ad hoc information from local/international law enforcement and anti-cybercrime organisations which we will act on in the same way.
We have a responsibility to give sound advice when we advise customers of a malware infection. Very often, such issues are the result of misconfigured routers, or where new network hardware such as backup drives have been left with default settings. Please ensure that you run your scans and checks alongside all the usual software that you normally have running, otherwise the infection or vulnerability may not be spotted.
Our communications always provide guidance on fixing the issue. They also suggest our forums as a place to seek high quality advice from other users and acknowledge the option of consulting an independent or large chain computer store.
Our guidance for what action to take regarding malware can be found here and will enable you to resolve the issue. We have specific guidance on other issues and this will be highlighted in the communication you receive.
We highlight the option of using Gadget Rescue. There is no compulsion to use this service but many of our customers find the service extremely useful and good value. Gadget Rescue offer a money back guarantee if you are unhappy with their service.
Our motive is to inspire action to resolve the issue and provide a better customer experience. If the customer does not take appropriate action then malware can remain present on the device. In these cases the malware can affect the performance of the device and there is the potential for the device to impact our network. It can even be used as a command & control for a botnet. In addition, there is the potential for the device to be used for illegal activity and for the customer’s personal and/or financial data to be at risk.
We trust that the above explains why we contact customers and how we are able to identify that a customer’s device may have malware. Such reports are sent to many ISPs, who in turn send similar communications to their customers.
If you receive such a communication from us and have carried out all the necessary steps to check you do not have an infection, then please feel free to disregard the communication. We will continue to contact customers who repeatedly show up on reports. If you receive a 2nd report and have taken the appropriate action then it would be worthwhile looking into the issue more closely. Try visiting our forum to discuss the issue with other users and to check if there are other steps you can take.