I've received similar communications - initially by email (which I promptly forwarded to phishing@virginmedia.com)
REF: VMIS60-NETWORKATTACKS-F009271624
Since then I have also received a letter through the post. I won't say for a second that I am immune, but I have worked in IT for over 30 years and spent 17 years of that time involved with internet security (working on firewall solutions, anti-malware, web filtering, anti-spam, multi-factor authentication etc.) so am hyper-aware of what I do while online, and because of my time involved in the security side of things and the vendors I worked alongside at the time I am fortunate to call upon business-class solutions to protect my home network (including different endpoint security installations on my various machines and a business-class firewall - so all my superhub is providing is the basic connection out to the internet). All software is genuine, I don't install mobile apps from non-sanctioned sources or any of that kind of thing. Because of Covid I have spent much of the past 18 months working from home, meaning that the only machine normally switched on is my work laptop, and because it is more powerful than my personal equipment I have used it almost exclusively during this time.
However, in light of this letter, I have run scans on all of my machines using the installed endpoint solution (some running McAfee VirusScan Enterprise, others using Panda Adaptive Defense) and I have also run Trend Micro HouseCall scans on all of them, as this also includes a network scanning component. All have come back clean.
There's also the fact that I often use a VPN, which would mean any such activity, if it were truly happening, would be linked to that IP address, not my Virgin IP address.
The one aspect of the communications I have received from VM (both email & letter) which I am skeptical of is the statement "We have been informed by a third party that malicious traffic has been detected coming from a device using your internet connection".
I have, like many I'm sure, been targeted over the phone by scammers claiming to have detected issues with my internet connection requesting access to my PC so that they can fix my problem. Those callers have been swiftly dealt with, or confused by the fact that I don't have Windows (many of my machines are Linux or Unix-based) but I do wonder if this is now a new tactic being employed when they come across someone who actually knows about IT and networking and can see through their charade before they've even finished their opening statement. By shutting down these *insert swear word* they have now taken to making a nuisance of themselves by trying to scam the ISP directly.
As someone else has previously commented, there is no mention in the communication from VM of what malware it is. But also, "a third party"? While I don't expect VM to be responsible for the behaviour of every single one of their subscribers, surely they have the capacity to detect any such activity themselves and inform the customer, not wait for a third party to report it to them? While it has been 6 years since I left the internet security side of things and returned to 'normal' IT, I worked closely enough with the major security vendors at the time (McAfee, Symantec, Sophos, SonicWall, Trend, Panda, etc.) to know that this kind of network-level scanning exists, and given at one point VM could (and would) apply bandwidth controls to over-enthusiastic users, or those seen to be using torrents and such like, they would easily be capable of picking up on malicious traffic patterns and advising the customers without needing to be informed by a third party.
Then there's the rather threatening "we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy." statement.
I can provide scan results to show that my machines are not harbouring malware, so can VM themselves provide evidence that proves otherwise?
Plus, if they can provide such, can they confirm exactly what malware it is?