Menu
Reply
Kenwj
  • 23
  • 0
  • 0
Tuning in
1,418 Views
Message 1 of 20
Flag for a moderator

A device using your internet connection may be infected with malware

 Have run antivirus protection since receiving it and nothing was reported. Is this a genuine message from Virgin

0 Kudos
Reply
用心棒
  • 6.98K
  • 770
  • 2.36K
Very Insightful Person
Very Insightful Person
1,397 Views
Message 2 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

Virgin Media do send out such notices, see here What is a malware alert?, however if authenticity is in doubt post back here to have the issue flagged to the forum team.

Out of curiosity, did the notice identify the malware by name?

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Kenwj
  • 23
  • 0
  • 0
Tuning in
1,391 Views
Message 3 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

Three was no mention of the name of the malware  but it did say

For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.

 

Kind regards,

Back to top

The Virgin Media team

0 Kudos
Reply
用心棒
  • 6.98K
  • 770
  • 2.36K
Very Insightful Person
Very Insightful Person
1,384 Views
Message 4 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

Issue flagged to the forum team for confirmation of authenticity and for more detail of the malware detected; be aware it can take them a few hours / days to respond.

0 Kudos
Reply
Natalie_L
  • 4.05K
  • 169
  • 341
Forum Team
Forum Team
1,376 Views
Message 5 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

Hi Kenwj

 

Thank for getting in touch with us here on the Community. 

 

I would be happy to take a look from our side to confirm if we have sent you the email, I will just need to grab a few details if that's okay?

 

I will pop you over a private message now and this will be available via the purple envelope on the top right of this page. 

 

Speak soon, 

 

 

Nat
0 Kudos
Reply
kevcharben
  • 67
  • 0
  • 6
On our wavelength
1,346 Views
Message 6 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

I have just received a similar email with the subject heading of

 

[IMPORTANT] Virgin Media Alert: Your device may have a malware infection

 

It gave the following

Your Virgin Media Account number: ?? - ????????? (blocked this off as it is the correct details)

Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009302037

A device using your internet connection may be infected with malware

 

Dear Mr ???????,

You have received this email as one or more of your Virgin Media mailboxes has recently been locked due to suspicious activity being detected.

It is important that you:

  1. Do a full virus scan on your device with up-to-date anti-virus software
  2. Reset your password to something new, unique to this account and secure.

After resetting your password, your mailbox will automatically be unlocked after 15 minutes.

Please ensure that the above points have been completed to prevent your mailbox from being locked again.

More help and support

For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.

Kind regards,

The Virgin Media team

 

0 Kudos
Reply
Kenwj
  • 23
  • 0
  • 0
Tuning in
1,343 Views
Message 7 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

I have been on with a member of the forum and it does appear that this is genuine message.
0 Kudos
Reply
gobstopper
  • 13
  • 1
  • 4
On our wavelength
1,331 Views
Message 8 of 20
Flag for a moderator
Helpful Answer

Re: A device using your internet connection may be infected with malware

I've received similar communications - initially by email (which I promptly forwarded to phishing@virginmedia.com)

REF: VMIS60-NETWORKATTACKS-F009271624

Since then I have also received a letter through the post. I won't say for a second that I am immune, but I have worked in IT for over 30 years and spent 17 years of that time involved with internet security (working on Firewall solutions, anti-malware, web filtering, anti-spam, multi-factor authentication etc...) so am hyper-aware of what I do while online and because of my time involved in the security side of things and the vendors I worked alongside at the time I am fortunate to call upon business class solutions to protect my home network (including different endpoint security installations on my various machines and a business-class firewall - so all my superhub is providing is the basic connection out to the internet). All software is genuine, I don't install mobile apps from non-sanctioned sources or any of that kind of thing. Because of Covid I have spent much of the past 18 months working from home, meaning that only machine normally switched on is my work laptop and because it is more powerful that my personal equipment and I have used it almost exclusively during this time.

However, in light of this letter, I have run scans on all of my machines using both the installed endpoint solution (some running McAfee VirusScan Enterprise, others using Panda Adaptive Defense) and I have also run Trend Micro Housecall scans on all of them this as this also includes a network scanning component. All have come back clean.

There's also the fact I that I often use a VPN which would mean any such activity, if it were truly happening, would be linked to that IP address not my Virgin IP address.

The one aspect of the communications I have received from VM (both email & letter) which I am skeptical of is the statement "We have been informed by a third party that malicious traffic has been detected coming from a device using your internet connection".

I have, like many I'm sure, been targeted over the phone by scammers claiming to have detected issues with my internet connection requesting access to my PC so that they can fix my problem. Those callers have been swiftly dealt with, or confused by the fact that I don't have Windows (many of my machines are Linux or Unix-based) but I do wonder if this is now a new tactic being employed when they come across someone who actually knows about IT and networking and can see through their charade before they've even finished their opening statement. By shutting down these *insert swear word* they have now taken to making a nuisance of themselves by trying to scam the ISP directly.

As someone else has previously commented there is no mention in the communication from VM what malware it is. But also, "a third party?". While I don't expect VM to be responsible for the behaviour of every single one of their subscribers, surely they have the capacity to detect any such activity themselves and inform the customer, not wait for a third party to report it to them? While it has been 6 years since I left the internet security side of things and returned to 'normal' IT, I worked closely enough with the major security vendors at the time (McAfee, Symantec, Sophos, SonicWall, Trend, Panda, etc...) to know that this kind of network-level scanning exists and given at one point VM could (and would) apply bandwidth controls to over-enthusiastic users, or those seen to be using torrents and such like, they would easily be capable of picking up on malicious traffic patterns and advise the customer's without needing to be informed by a third party.

Then there's the rather threatening "we may need to suspend or cancel your broadband service in line with our Acceptable Use Policy." statement.

I can provide scan results to show that my machines are not harbouring malware, so can VM themselves provide evidence that proves otherwise?

Plus, if they can provide such, can they confirm exactly what malware it is?

Natalie_L
  • 4.05K
  • 169
  • 341
Forum Team
Forum Team
1,316 Views
Message 9 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware

Hi Kenwj

 

Thank you for joining me for a private chat. 

 

I am glad we have been able to get this matter resolved for you. 

 

Please get in touch if we can assist in the future. 

 

 

Nat
0 Kudos
Reply
Kenwj
  • 23
  • 0
  • 0
Tuning in
1,193 Views
Message 10 of 20
Flag for a moderator

Re: A device using your internet connection may be infected with malware again!

Natalie,

I have just discovered yet another email  

Our reference: VMIS158-SUSPICIOUS_ACTIVITY-F009308684 A device using your internet connection may be infected with malware

exactly as before. Am I going to keep getting these as I have run my scan again and it says no issues found.

0 Kudos
Reply