SuttonGreen
Message 1 of 13

Received email saying I'm infected with Malware

I am concerned by the unnamed malware issue.  I have McAfee AV on all my connected devices (except tv, phone & tablets).  I keep a daily firewall log and haven't spotted any dodgy outbound traffic. I have recently reported being the target of incoming attacks on port 23.

Is it possible to know what type of traffic the malware is generating - spam email / port scanning / website attacks etc and whether the destination is one specific site / user or flooding?

I was an IT system engineer by trade, so understand technical replies.

g0akc
Message 2 of 13

Run Wireshark on the interface and go through the traces.

Where did this email come from?

------------------------------------------------------------------------------------------------------------------------------
I know a bit about Wi-Fi, Telecoms, and TV as I used to do it for a living but I'm not perfect so don't beat me up... If you make things you make mistakes!

SuttonGreen
Message 3 of 13

Thanks for the quick reply.  I do run Wireshark periodically and it's never shown up anything bad.  I'll try it again. I thought I could take pride in having a pretty secure computer system (over 3000 lines of blocks in my firewall). I do check my (Windows) firewall daily and monitor both incoming and outgoing traffic. Apart from the rather annoying Russian, China and Netherlands hackers (which I block)  I have had a lot of port 23 hits coming in recently from a Virgin IP address that I have reported on the Virgin site.  I wonder if that has anything to do with the (genuine as far as I can see) email from Virgin.  Hope they haven't mixed it up and have me down as the one hitting port 23 on someone else's computer!  Not around to do the Wireshark stuff tomorrow so will post again later on Monday.

Thanks for your help so far!

g0akc
Message 4 of 13
Helpful Answer

Other things to check include:

See if your public IP address is blacklisted (if you’re generating spam it may be) - check on sites like Spamhaus

https://check.spamhaus.org/

Run some good anti-malware programs on the suspect machine and scan it - may need to try different ones.

SuttonGreen
Message 5 of 13

Checked Spamhaus - clean

Checked it was up to date and ran full scan of McAfee Endpoint Security - clean

Ditched AdAware years ago.

Spent the evening dipping in and out of Wireshark - nothing abnormal in the logs.

Checked my Windows Firewall logs and nothing abnormal outbound.

As I mentioned, I check my firewall log daily. I do suffer from a fair number of probes and port scans of my IP, mostly Russia, China and the Netherlands - all long time favourites on https://scamalytics.com/ip   My firewall drops them all but they keep trying.  Noticed a surge in ICMP pings from the US aimed at my IP today (over 450 in 24 hours - unusually high for ICMP).  I have reported scans (running to thousands of hits on my IP) originating from other Virgin IPs to Virgin abuse recently and I can't help but wonder whether that has triggered the message that I am infected!

Out of ideas!  Any help welcome.

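An added example, not part of any post in this thread: one way to go through a Windows Firewall log for the outbound patterns asked about above (one host contacting many different addresses on telnet or SMTP ports). The log lines are constructed, the watched ports 23 and 25 and the four-destination threshold are assumptions, and the log is assumed to include the `path` column.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall log layout (pfirewall.log);
# addresses are from documentation ranges, not taken from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-02 09:14:01 ALLOW TCP 192.168.0.20 198.51.100.7 50211 443 0 - 0 0 0 - - - SEND
2024-03-02 09:14:05 DROP TCP 203.0.113.9 192.168.0.20 40100 23 60 S 0 0 0 - - - RECEIVE
2024-03-02 09:15:10 ALLOW TCP 192.168.0.20 203.0.113.11 50301 23 0 - 0 0 0 - - - SEND
2024-03-02 09:15:10 ALLOW TCP 192.168.0.20 203.0.113.12 50302 23 0 - 0 0 0 - - - SEND
2024-03-02 09:15:11 ALLOW TCP 192.168.0.20 203.0.113.13 50303 23 0 - 0 0 0 - - - SEND
2024-03-02 09:15:11 ALLOW TCP 192.168.0.20 203.0.113.14 50304 23 0 - 0 0 0 - - - SEND
2024-03-02 09:20:00 ALLOW UDP 192.168.0.20 192.0.2.53 53111 53 0 - - - - - - - SEND
"""

def parse(log_text):
    """Yield one dict per record, taking column names from the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def outbound_fanout(log_text):
    """Map (protocol, dst-port) -> set of distinct destinations this host contacted."""
    fanout = defaultdict(set)
    for rec in parse(log_text):
        if rec.get("path") == "SEND":  # outbound only; inbound probes are RECEIVE
            fanout[(rec["protocol"], rec["dst-port"])].add(rec["dst-ip"])
    return dict(fanout)

def suspicious_ports(log_text, min_destinations=4, watch=("23", "25")):
    """Watched ports reached on many distinct hosts: the scan- or spam-like pattern."""
    return sorted(
        port for (_proto, port), dests in outbound_fanout(log_text).items()
        if port in watch and len(dests) >= min_destinations
    )

if __name__ == "__main__":
    for key, dests in sorted(outbound_fanout(SAMPLE_LOG).items()):
        print(key, len(dests), "distinct destinations")
    print("ports to review:", suspicious_ports(SAMPLE_LOG))
```

A host firewall log only covers the machine it runs on, so traffic from tablets, phones and TVs on the same connection never appears in it.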
Zoie_P
Forum Team
Message 6 of 13

Hi Suttongreen

Thanks for your post, I am sorry to hear you have received an email saying you are infected with malware, was this from us? Did the email have any advice on there?

Zoie

SuttonGreen
Message 7 of 13

Looks like a genuine Virgin email to me.  Content:

A device using your internet connection may be infected with malware

 We’ve been notified by a third party that malicious traffic has been detected coming from a device using your internet connection. We don’t know which device this is, but it does mean your personal data and online financial transactions, including credit card purchases, could be at risk.

 It’s likely that a device connected to your broadband is infected with malware. This probably isn’t your fault, but it's important you get your device fixed so the malicious traffic stops as soon as possible. We’ll help you do this below.

We need to let you know that if you don’t get it fixed, to protect others we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy.

 What to do next

We recommend using anti-virus software to scan and clean-up your devices. There are a number of trusted anti-virus software options available if you don’t have one already.

For help with this, please visit virginmedia.com/networkattacks

As well as using anti-virus software, Web Safe is available for free to Virgin Media Fibre customers to help protect you against malware and viruses. Full details can be found by signing in to Your Account at virginmedia.com/myvirginmedia and going to My Apps.

 

Pretty scant on detail - would have been rather useful to know what malicious traffic Virgin had in mind (email, port scans, DDoS, etc) and enough information for me to check who the target was (obviously not the full IP address for security/confidentiality reasons).  Also useful would have been when this activity started / got reported, is there a pattern (overnight / 24/7 etc).

I am a former IT System Engineer who takes internet security seriously and threatening disconnection and pushing Websafe without providing anything in the way of detail is pretty Ofcom-complaint stuff to me.

As in previous posts, firewall and Wireshark logs all clean.  If my system is compromised, I need some evidence, because I can't find any.

David_Bn
Forum Team
Message 8 of 13

Thanks for coming back to us SuttonGreen and I'm sorry to see that our IT department have not been able to go into further detail.

Can you tell me if you've been able to perform scans on all devices that have connected to the broadband services since your latest post on Wednesday?

If so, has this produced any results that may point to the troublesome device?

Kindest regards,

David_Bn

SuttonGreen
Message 9 of 13

Thanks for following up.  You've got to admit that actually giving details of the trouble makes troubleshooting a whole lot easier!

OK, so I've taken the opportunity to scan all 3 computer based devices - all are clean. There are 2 Android tablets and 2 mobile phones but none are showing any excess packet data in or out. None have AV software.

I also decided to completely wipe and rebuild my laptop which has been 'round the block' a few times (but again was clean when tested) hence the delayed reply.

So how do I know if the problem is cured - especially as I wasn't told the details of the problem to start with???  Do I get a letter saying a) your account is suspended as there is still evidence of malware or b) one saying it's all OK now or c) no letter at all?

I find the whole matter to be inefficient and very unprofessional and certainly not a good advertisement for Virgin Media. And one in which Ofcom may be interested.

 

gary_dexter
Message 10 of 13

OFCOM won’t be interested at all actually.

It’s down to you to troubleshoot and clean your internal network and devices. 


*****
If you think my answer has helped - please provide me with a Kudos rating and mark as Helpful Answer!!
I do not work for Virgin Media - all opinions expressed are of my own and all answers are provided from my own and past experiences.
Office 365, Dynamics CRM and Cloud Computing Jedi