Menu
Reply
  • 1.15K
  • 68
  • 183
Nex
Knows their stuff
2,326 Views
Message 1 of 15
Flag for a moderator

You have been infected by wannacry (email from Virgin)

Just got a mail from Virgin stating I'm possibly infected by WannaCry.

 

First off, you're wrong. I made VERY sure all my systems are up to date on Friday (and they're all patched fine).

 

Second, none of my PC's are infected with the ransomware (running windows 10 + fully patched)

 

Third, you're scaremongering people who don't know better that they may be infected and cough up cash to pay for your support.

 

Things I'd suggest: Block port 445 from entering the VM network (you don't do this at the moment). I have router logs which prove this. My router is also discarding port 445 attempts towards it (I run modem mode by the way with my own router).

Please show me where dst port 445 was originating from my IP, I'd LOVE to see the logs, but I guess you won't have it.

Nex



Random signature here... I'll get back to this some day!
  • 1
  • 0
  • 0
ddalex
Joining in
2,247 Views
Message 2 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

I got the same email too - qouting below.

It's hilarious, as I don't have any Windows machines at home. I can't find any other reference on the internet.

Does anybody know what is the 'detection' method they used ?

 

Your personal data could be at risk of being inaccessible

We have been alerted that one or more of your devices has become infected with ransomware, a type of malicious software that encrypts all the information held on your device and demands a ransom payment in order for the files to be unencrypted.

Virgin Media and its network are not impacted by the ransomware attack. However, we were advised about the potential risk to your data through our work with a number of not-for-profit organisations across the banking industry and security sectors. These organisations collate information on devices across the Internet that appear to be infected by malware.

The WannaCry malware was detected on a device using your internet connection or home network on 13 May 2017.

0 Kudos
Reply
  • 101
  • 4
  • 7
Sheza
Up to speed
2,305 Views
Message 3 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

I have received the same message and none of my computers have been infected. The network is secured with a very long and secure password so it cannot be the neighbours either. What gives?

Question to OP though - do you use a VPN at all? 

  • 1.15K
  • 68
  • 183
Nex
Knows their stuff
2,302 Views
Message 4 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

I do, I VPN into work and have a private VPN, but I've not connected to that private one for a while.



Random signature here... I'll get back to this some day!
0 Kudos
Reply
  • 101
  • 4
  • 7
Sheza
Up to speed
2,299 Views
Message 5 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

I also use a VPN at times, so perhaps that has something to do with it.

0 Kudos
Reply
  • 31
  • 1
  • 2
prowl
On our wavelength
2,259 Views
Message 6 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

I got the same... would be a neat trick.. I only have Mac's and Linux machines Smiley Very Happy  

Blanket email?  some other reasons?  VPN?

 

0 Kudos
Reply
  • 101
  • 4
  • 7
Sheza
Up to speed
2,238 Views
Message 7 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

Well, do you use a VPN? If you do perhaps a trend is emerging here...

0 Kudos
Reply
  • 4
  • 0
  • 0
twentynine12
Joining in
2,232 Views
Message 8 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

I also have received the WannaCry email, only use iOS and Macs (have a Windows 10 VM but that's always running darn updates), unless the wife has been doing things she shouldn't on her laptop.

Suspect down to VPN use as I use a couple.

0 Kudos
Reply
  • 13.02K
  • 371
  • 1.06K
Moderator
Moderator
2,057 Views
Message 9 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

Apologies for any confusion over the recent WannaCry mailings, we've queried this with our Internet Security team who have provided more information on how and why the communications have been sent.

Shadowserver have identified some Virgin Media IP addresses that have communicated with domain names the WannaCry malware communicates with. They use a technology called DNS Sinkholing to be able to identify the IP addresses that have tried to query the domains in question. The reports are not related to any incoming or outgoing traffic on port 445 – the malware does not communicate over the port, it just uses it to propagate.

The issue with the sinkholing method is some will have visited these domains out of curiosity or as part of some security research – this kind of activity is usually done in a safe environment like a virtual machine. We’d expect to see the reporting of a few false positives due to this.

As advised please visit virginmedia.com/wannacry for further advice and information on WannaCry

Rgds

Ralph_R
Forum Moderator

The do's and don'ts. Keep the community welcoming for all. Follow the house rules


  • 31
  • 1
  • 2
prowl
On our wavelength
2,038 Views
Message 10 of 15
Flag for a moderator

Re: You have been infected by wannacry (email from Virgin)

Ah well that explains it for me I had a look at the kill switch website ( linked on BBC ) that the Security dude bought which stopped that first iteration to see what he put up there... nothing exciting at the time.

 

0 Kudos
Reply