A device using your internet connection may be infected with malware

Kenwj
Tuning in

Have run antivirus protection since receiving it and nothing was reported. Is this a genuine message from Virgin?

1 ACCEPTED SOLUTION

I've received similar communications - initially by email (which I promptly forwarded to phishing@virginmedia.com)

REF: VMIS60-NETWORKATTACKS-F009271624

Since then I have also received a letter through the post. I won't say for a second that I am immune, but I have worked in IT for over 30 years and spent 17 years of that time involved with internet security (working on Firewall solutions, anti-malware, web filtering, anti-spam, multi-factor authentication etc...) so am hyper-aware of what I do while online and because of my time involved in the security side of things and the vendors I worked alongside at the time I am fortunate to call upon business class solutions to protect my home network (including different endpoint security installations on my various machines and a business-class firewall - so all my superhub is providing is the basic connection out to the internet). All software is genuine, I don't install mobile apps from non-sanctioned sources or any of that kind of thing. Because of Covid I have spent much of the past 18 months working from home, meaning that the only machine normally switched on is my work laptop, and because it is more powerful than my personal equipment I have used it almost exclusively during this time.

However, in light of this letter, I have run scans on all of my machines using both the installed endpoint solution (some running McAfee VirusScan Enterprise, others using Panda Adaptive Defense) and I have also run Trend Micro Housecall scans on all of them, as this also includes a network scanning component. All have come back clean.

There's also the fact that I often use a VPN which would mean any such activity, if it were truly happening, would be linked to that IP address not my Virgin IP address.

The one aspect of the communications I have received from VM (both email & letter) which I am skeptical of is the statement "We have been informed by a third party that malicious traffic has been detected coming from a device using your internet connection".

I have, like many I'm sure, been targeted over the phone by scammers claiming to have detected issues with my internet connection requesting access to my PC so that they can fix my problem. Those callers have been swiftly dealt with, or confused by the fact that I don't have Windows (many of my machines are Linux or Unix-based) but I do wonder if this is now a new tactic being employed when they come across someone who actually knows about IT and networking and can see through their charade before they've even finished their opening statement. By shutting down these *insert swear word* they have now taken to making a nuisance of themselves by trying to scam the ISP directly.

As someone else has previously commented there is no mention in the communication from VM what malware it is. But also, "a third party?". While I don't expect VM to be responsible for the behaviour of every single one of their subscribers, surely they have the capacity to detect any such activity themselves and inform the customer, not wait for a third party to report it to them? While it has been 6 years since I left the internet security side of things and returned to 'normal' IT, I worked closely enough with the major security vendors at the time (McAfee, Symantec, Sophos, SonicWall, Trend, Panda, etc...) to know that this kind of network-level scanning exists and given at one point VM could (and would) apply bandwidth controls to over-enthusiastic users, or those seen to be using torrents and such like, they would easily be capable of picking up on malicious traffic patterns and advise the customer without needing to be informed by a third party.

Then there's the rather threatening "we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy." statement.

I can provide scan results to show that my machines are not harbouring malware, so can VM themselves provide evidence that proves otherwise?

Plus, if they can provide such, can they confirm exactly what malware it is?

用心棒
Very Insightful Person

Virgin Media do send out such notices, see here What is a malware alert?, however if authenticity is in doubt post back here to have the issue flagged to the forum team.

Out of curiosity, did the notice identify the malware by name?

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.

Kenwj
Tuning in

There was no mention of the name of the malware but it did say

For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.

 

Kind regards,

The Virgin Media team

用心棒
Very Insightful Person

Issue flagged to the forum team for confirmation of authenticity and for more detail of the malware detected; be aware it can take them a few hours / days to respond.

Natalie_L
Forum Team (Retired)

Hi Kenwj

Thank you for getting in touch with us here on the Community.

I would be happy to take a look from our side to confirm if we have sent you the email, I will just need to grab a few details if that's okay?

I will pop you over a private message now and this will be available via the purple envelope on the top right of this page.

Speak soon,

Nat

I have just received a similar email with the subject heading of

 

[IMPORTANT] Virgin Media Alert: Your device may have a malware infection

 

It gave the following

Your Virgin Media Account number: ?? - ????????? (blocked this off as it is the correct details)

Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009302037

A device using your internet connection may be infected with malware

 

Dear Mr ???????,

You have received this email as one or more of your Virgin Media mailboxes has recently been locked due to suspicious activity being detected.

It is important that you:

  1. Do a full virus scan on your device with up-to-date anti-virus software
  2. Reset your password to something new, unique to this account and secure.

After resetting your password, your mailbox will automatically be unlocked after 15 minutes.

Please ensure that the above points have been completed to prevent your mailbox from being locked again.

More help and support

For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.

Kind regards,

The Virgin Media team

 

I have been on with a member of the forum and it does appear that this is a genuine message.

Natalie_L
Forum Team (Retired)

Hi Kenwj

Thank you for joining me for a private chat.

I am glad we have been able to get this matter resolved for you.

Please get in touch if we can assist in the future.

Nat

Natalie,

I have just discovered yet another email

Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009308684

A device using your internet connection may be infected with malware

exactly as before. Am I going to keep getting these as I have run my scan again and it says no issues found.