OldManBrook
Joining in
Message 1 of 4

[IMPORTANT] Virgin Media Alert: Your device may have a malware infection

Hello Everyone

I've received an email from VM that is puzzling me as it has with others I have read about on this forum.


Your Virgin Media account number: 22 - 81X81X80X

Our reference: VMIS5-MALWARE-F007397903

 A device using your internet connection may be infected with malware

 Dear Mr OldManBrook,

We’ve been alerted that one or more of the devices you use to go on the internet is infected with malicious software (malware). We don’t know which device, but it does mean your personal data and online financial transactions, including any credit card purchases, could be at risk.

This probably isn’t your fault, but we do need you to make some changes now to ensure your data remains safe and secure. We’ll help you do that.

How we found the problem

To protect our customers, we work with a number of not-for-profit organisations that gather information about internet connections that appear to be at risk of things like malware infections. On 04 September 2019, one detected that conficker, a piece of malware, was present on a device using your internet connection.

What to do next

We recommend using anti-virus software to scan and clean up your devices. There are a number of trusted anti-virus software options available if you don’t have one already.

For help with this, please visit virginmedia.com/malware

As well as using anti-virus software, Web Safe is available for free to Virgin Fibre customers to help protect you against malware and viruses. Full details can be found by signing in to Your Account at virginmedia.com/myvirginmedia and going to My Apps.

More help and support

For extra advice, or to double-check that this is a genuine Virgin Media communication, head to our community at virginmedia.com/community, click 'Help forum' and join the conversation on the Security Matters board.

Kind regards,
The Virgin Media team


In total, I run 3 fully patched Win7, 2 x Win10 and 2 x Linux MINT PC devices, 3 x Rpis as media players and 6-7 phones in the house. All PCs use Zonealarm as AV/Firewall.

My wifi network is secured by MAC so only known devices can access.

The superhub2 is in modem mode connected to 2 x ASUS routers providing full house coverage.

I have run full scans on all Windows devices and performed a full nmap scan of my network for any conficker vulnerabilities (command below).

sudo nmap --script p2p-conficker,smb-os-discovery,vuln --script-args=safe=1 -T4 -vv -p445 192.168.0.1/24

So...

My question is how have VM determined it is one of my devices that is infected?
I have also noticed it appears I am being traffic managed with the connection dropping all the time over the past week (since the 04 Sept when VM detected a compromised device)?

When the hub is in modem mode, I assume this IP is shared with other users and can this lead to false positives in this regard?

If you've got this far, thanks for reading it all.

Best

Jason

Tudor
Hero
Message 2 of 4

Re: [IMPORTANT] Virgin Media Alert: Your device may have a malware infection

Quote: “I assume this IP is shared with other users”. NO your WAN IP is solely used by you. Unless you have dropped in/out of router mode your WAN IP is very likely to remain the same for a long time.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2
OldManBrook
Joining in
Message 3 of 4

Re: [IMPORTANT] Virgin Media Alert: Your device may have a malware infection

Thanks for clarifying Tudor..

Typo on my part, I meant to describe the network node but didn't proof-read and posted IP by mistake.
Obviously if we shared IPs, we would get each other's traffic!

My theory was if conficker was detected on a node, could it be attributed to me.

One additional point I failed to mention is the main ASUS router has DDNS configured for permitting my CCTV unit.
Could this be a potential cause of a false positive?

Tudor
Hero
Message 4 of 4

Re: [IMPORTANT] Virgin Media Alert: Your device may have a malware infection

It would not be DDNS on the ASUS router, I use DDNS on my Ubiquiti router. As far as I can tell you seem to have covered all avenues.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2